getting below error after upgrade to latest splunk version:
10-11-2019 08:02:49.775 +0000 WARN DateParserVerbose - The TIME_FORMAT specified is matching timestamps (Sun Nov 10 09:02:47 2019) outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source=C:\splunk_file\DMVPN Daily Config Backup.txt|host=DTRAFLON2K121|ncm|1584
It is clear to me. Your event with timestamp 10-11-2019 08:02:49.775 +0000 is being *mis*interpreted as Sun Nov 10 09:02:47 2019 instead of Sat Oct 11 09:02:47 2019. This is almost always because you are letting Splunk guess at your timestamp instead of TELLING IT yourself. You need to create a props.conf with these settings:
It appears as though Splunk is using a month-day-year time format instead of day-month-year. To confirm that, please share some sample events (sanitized as necessary) as well as the TIME_FORMAT setting for that sourcetype.
--- If this reply helps you, an upvote would be appreciated.