Hi,

I have log files which have timestamp format like

04/10/2012 07:50:09 - dd/mm/yyyy HH:MM:SS

but indexer thinks it's a mm/dd instead of dd/mm. Logs are monitored by forwarder which has a props.conf

[source::E:\Logging\] 
TIME_FORMAT = %d/%m/%Y %H:%M:%S

But still nothing changed. Data with timestamp, for example 04/10/2012 I can find for April, but not for October. Any suggestions?
Splunk forwarder version - 4.3.4, splunk indexer - 4.3