Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

timestamp format of the input files

newbiesplunk
Path Finder
‎08-01-2014 12:41 AM

Hi,
when i forward my input files (c:\data) from server A to Splunk Head at ServerB, the date format was correct for all input files as of yesterday. But today, when the date is 1/8/2014 (dd/mm/yyyy), some files from the server A is recognised as 8/1/2014 (dd/mm/yyyy) and some recognised as 1/8/2014 (dd/mm/yyyy). Why is it so? How and where to correct it to ensure the new data format is recognised as dd/mm/yyyy. thks

Tags (1)
0 Karma
Reply

keerthana_k
Communicator
‎08-01-2014 02:09 AM

You can do this my mentioning your time format in props.conf file:

Under your configuration stanza, you can add

TIME_FORMAT=%d/%m/%Y

This will ensure that the timestamp for all the events of that type are considered in dd/mm/yyyy format.

Reply

somesoni2
Revered Legend
‎08-05-2014 06:21 AM

You might have to configure other attributes for your sourcetype for timestamp recognition and event-breaking. Please provide some sample logs and current sourcetype definition from props.conf (if any, from indexer).

0 Karma
Reply

keerthana_k
Communicator
‎08-05-2014 01:52 AM

Can you paste your props.conf setting?

0 Karma
Reply

newbiesplunk
Path Finder
‎08-05-2014 01:36 AM

how come from the same forwarder, the date format is different for different input files? So strange.

0 Karma
Reply

newbiesplunk
Path Finder
‎08-05-2014 01:00 AM

it works only the first event after restarted the splunk and the subsequent events were returned back to mm/dd/yyyy. ANy thing else need to do? thks

0 Karma
Reply

strive
Influencer
‎08-01-2014 12:44 AM

Can you post your props.conf settings

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...
li.common.scroll-to.top