Solved: index time and event log time is mismatching

RASHO · ‎02-27-2019

We are getting events from one of our application ,But the indexed time and event logged time is different ,Please let me know how to fix this timestamp issues and not getting milliseconds in time.

Event list below:

Time Event
2/27/19 { [-]
6:24:31.000 PM @timestamp: 2019-02-27T18:19:59.757Z

Props.conf

[XXXXXX]
SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
TIME_PREFIX=@timestamp":
TRUNCATE = 0

tiagofbmm · ‎02-27-2019

Here are what seem to be the settings you're looking for:

SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
TIME_PREFIX=(@timestamp)
TIME_FORMAT=%Y-%m-%dT%H:%M:%D.%3Q
MAX_TIMESTAMP_LOOKAHEAD=30

Let me know please

View solution in original post

tiagofbmm · ‎02-27-2019

Here are what seem to be the settings you're looking for:

SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
TIME_PREFIX=(@timestamp)
TIME_FORMAT=%Y-%m-%dT%H:%M:%D.%3Q
MAX_TIMESTAMP_LOOKAHEAD=30

Let me know please

index time and event log time is mismatching

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Are you a member of the Splunk Community?

index time and event log time is mismatching

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler