Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I unsuccessful in trying to parse and set timestamp?

AmyDeluxe0506
Engager
‎06-09-2021 06:08 AM

Hi guys!

I load a log file of apache to the splunk.

In the "Set Source Type" window the system missed the day in the timestamp and I unsuccess to modify it manually.

 

Someone know this problem?

timestamp.png

Labels (2)
Labels
Reply

GaetanVP
Contributor
‎09-20-2022 09:13 AM

Hello @AmyDeluxe0506,

I think the problem is related to the fact that you're parsing a very old log file (from 2004).
I would suggest you to use the Advanced Timestamp option (leave that part empty)

GaetanVP_1-1663690039739.png

 

And to add, inside the "Advanced" window this field :

MAX_DAYS_AGO --> 8035 (or even a greater integer)

GaetanVP_2-1663690227453.png


Let me know if that solved your issue!
Regards,

GaetanVP

 




0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-09-2021 07:20 AM

Try %d/%b/%Y:%H:%M:%S %z as the timestamp format.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...