Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

failed to parse timestamp at data preview

newbiesplunk
Path Finder
‎09-01-2014 11:39 PM

Hi,
When i do the data preview, it stated "Failed to parse timestamp, defaulting to file modetime". The correct timestamp for my event should be 2 Sep instead of 9 Feb. How to resolve it? If it due to the date configured at the server end or the setting at the splunk? thks

Tags (1)
0 Karma
Reply

newbiesplunk
Path Finder
‎10-02-2014 01:15 AM

Hi,
if i would like to extract the date (dd/mm/yyyy hh:mm:ss) in the content of the file as the timestamp as shown below, how to go abt doing it? thks

File content
Start;server;02/10/2014 16:13:13

Reply

tom_frotscher
Builder
‎09-02-2014 12:23 AM

Hi! Splunk can't automatically resolve your timestamp in this case. Therefore, it can fall back to use the time of the last modification of your logfile as a timestamp. If this is the case, you need to do some additional configuration. Is it possible that you post some example events of your logfile and show us the configuration you use for the corresponding sourcetype? Then we can help you to make splunk considering your timestamp correctly.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...