Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

time format in log4j

gcusello
SplunkTrust
SplunkTrust
‎08-04-2017 05:13 AM

Hi at all,
I have a strange question, strange because it should be easy but it doesn't run!
I have log4j logs with a timesamp 

2017-07-26 00:05:21 DEBUG

that is wrongly read by Splunk as

7/26/17 12:05:21 AM

I tried with and without TomeZone.

How can I fix this problem? what I forgot (Holidays are coming 😉 )?

Bye.
Giuseppe

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎08-04-2017 07:22 AM

@cusello, I dont think this is an issue with Time Stamp recognition only for log4j logs. By default this is how timestamp for _time would be displayed for any log.

Try changing Splunk URL from US ( http://<YourSplunkServer>/en-US ) to GB ( http://<YourSplunkServer>/en-GB )

See if time is displayed as 00 hours instead of 12

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎08-04-2017 07:22 AM

@cusello, I dont think this is an issue with Time Stamp recognition only for log4j logs. By default this is how timestamp for _time would be displayed for any log.

Try changing Splunk URL from US ( http://<YourSplunkServer>/en-US ) to GB ( http://<YourSplunkServer>/en-GB )

See if time is displayed as 00 hours instead of 12

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-04-2017 07:54 AM

Yes!
every day I learn!
Thank you.
Bye.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎08-04-2017 09:43 AM

Cheers! Have a nice weekend 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution
Solution

niketn
Legend
‎08-04-2017 07:22 AM

@cusello, I dont think this is an issue with Time Stamp recognition only for log4j logs. By default this is how timestamp for _time would be displayed for any log.

Try changing Splunk URL from US ( http://<YourSplunkServer>/en-US ) to GB ( http://<YourSplunkServer>/en-GB )

See if time is displayed as 00 hours instead of 12

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-04-2017 05:49 AM

What is the expected interpretation of that log4j timestamp? Splunk's interpretation looks right to me.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-04-2017 06:33 AM

Probably I have an interpretation problem from the italian way to show hours:
12 AM is followed by 1 AM, 2 AM and so on, correct?
In Italy we have 0 AM, 1 AM, 2AM and so on!
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...