Getting Data In

Meraki TA - Could not identify datetime field for input

Space_Crawler
Observer

Hello, 

I have a fresh install of splunk and Meraki TA App. 

I have configured several inputs in the App, however I am seeing a large number of these error messages under various inputs (for example, appliance_vpn_statuses, appliance_vpn_stats) in the following manner:

2025-02-24 03:12:56,971 WARNING pid=50094 tid=MainThread file=cisco_meraki_connect.py:col_eve:597 | Could not identify datetime field for input: cisco_meraki_appliance_vpn_statuses

Labels (1)
0 Karma

kiran_panchavat
SplunkTrust
SplunkTrust

@Space_Crawler 

Review the following attributes in props.conf for the configured sourcetypes.

TIME_PREFIX
TIME_FORMAT

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma

kiran_panchavat
SplunkTrust
SplunkTrust

@Space_Crawler 

Ensure that the datetime field in your data is correctly formatted and matches the expected format in Splunk.

Verify the "cisco_meraki_appliance_vpn_statuses" input are correctly configured to identify the datetime field

Review the configuration files (e.g., props.conf and transforms.conf) to ensure that the datetime field is properly defined.

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...