Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Time Format being ignored, why?

tyronetv
Communicator
‎11-18-2013 06:47 AM

Sample log line date part:

Nov 16 22:48:36

props.conf on indexer



TIME_PREFIX = ^ 

TIME_FORMAT = %b %e %H:%M:%S 

MAX_TIMESTAMP_LOOKAHEAD = 15

Time reported in Splunk - 11/17/13 12:48:36.000 AM

I use "%e" because the day field is populated without leading zero's.

What am I doing wrong?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tyronetv
Communicator
‎11-18-2013 07:44 AM

1) Splunk is showing me the 'offset' time based upon my TZ setting.
2) For some reason, for this source type ONLY, splunk is showing the AM/PM declaration. Not sure why.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

tyronetv
Communicator
‎11-18-2013 07:44 AM

1) Splunk is showing me the 'offset' time based upon my TZ setting.
2) For some reason, for this source type ONLY, splunk is showing the AM/PM declaration. Not sure why.

0 Karma
Reply
Get Updates on the Splunk Community!

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

💌Keep the new year’s momentum going with our February lineup of Community Office Hours, Tech Talks, ...