Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Syslog event timesteamp not display in correct format with no_priority_stripping = true

matoulas
Path Finder
‎11-14-2019 03:09 PM

Hi,

How do I display the correct syslog event timestamp in Splunk.

this is Syslog Event timestamp when display in Splunk with no_priority_stripping=true.

2019-11-14T14:34:02-08:00

I want to display like 11/14/2019 14:34:02

Below is the syslog event message.

<134>1 2019-11-14T14:34:02-08:00 CPM-1600-1-ECM-ITLAB server - - [meta sequenceId="39" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: CPM-1600-1-ECM-ITLAB, (AUDIT LOG) DATE-TIME: 11/14/19 14:34:02, USERNAME: super LOGOUT By /X SSH Port 22
host = CPM-1600-1-ECM-ITLAB source = udp:514 sourcetype = syslog

Looking forward to someone that can help out to resolve this issue.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-14-2019 04:34 PM

Do that at search time like this:

... | fieldformat _time=strftime(strptime(_time, "%Y-%m-%dT%H:%M:%S%:Z"), "%m/%d/%Y %H:%M:%S") | ...
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...