Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Could not use strptime to parse timestamp "
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
having a problem creating proper TIME_FORMAT for the following data. Seeing "Could not use strptime to parse timestamp " " and not sure what I am missing defining both the milliseconds and timezone offset designation as far as I can tell.
[ <SOURCETYPE NAME> ]
SHOULD_LINEMERGE=true
LINE_BREAKER=([\r\n]+)
NO_BINARY_CHECK=true
CHARSET=UTF-8
MAX_TIMESTAMP_LOOKAHEAD=30
disabled=false
TIME_FORMAT=%Y-%m-%d %H:%M:%S,%3N %z
TIME_PREFIX=^
TZ=America/Chicago
2020-10-23 10:57:55,983 -0500 DEBUG - [
<?xml version='1.0' encoding='utf-8'?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body><query xmlns="http://ws.csd.rsa.com"><request><actionTypeList><genericActionTypes>GET_USER_STATUS</genericActionTy...>]
2020-10-23 10:57:55,978 -0500 DEBUG - [
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><ns1:challengeResponse xmlns:ns1="http://ws.csd.rsa.com"><ns1:challengeReturn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:ChallengeResponse"><ns1:identificationData><ns1:delegated>false</ns1:delegated><ns1:orgName>OLB_#####</ns1:orgName><ns1:sessionId>ab95:c958c855571:44aa3923-||1603487243547</ns1:sessionId><ns1:transactionId>bb95:c958c855571:44aa3923-_TRX</ns1:transactionId><ns1:userName>#####################</ns1:userName><ns1:userStatus>VERIFIED</ns1:userStatus><ns1:userType>PERSISTENT</ns1:userType></ns1:identificationData><ns1:messageHeader><ns1:apiType>DIRECT_SOAP_API</ns1:apiType><ns1:requestType>CHALLENGE</ns1:requestType><ns1:timeStamp>2020-10-23T15:57:55.585Z</ns1:timeStamp><ns1:version>7.0</ns1:version></ns1:messageHeader><ns1:statusHeader><ns1:reasonCode>0</ns1:reasonCode><ns1:reasonDescription>Operations were completed successfully
</ns1:reasonDescription><ns1:statusCode>200</ns1:statusCode></ns1:statusHeader><ns1:credentialChallengeList xsi:type="ns1:CredentialChallengeList"><ns1:challengeQuestionChallenge><ns1:payload><ns1:callStatus><ns1:statusCode>SUCCESS</ns1:statusCode><ns1:statusDescription></ns1:statusDescription></ns1:callStatus><ns1:challengeQuestions><ns1:challengeQuestion><ns1:questionId>Q3.2</ns1:questionId><ns1:questionText>What was your favorite restaurant in college?</ns1:questionText></ns1:challengeQuestion></ns1:challengeQuestions></ns1:payload></ns1:challengeQuestionChallenge></ns1:credentialChallengeList></ns1:challengeReturn></ns1:challengeResponse></soapenv:Body></soapenv:Envelope>]
2020-10-23 10:57:55,914 -0500 DEBUG - [
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body><ns1:updateUserResponse xmlns:ns1="http://ws.csd.rsa.com"><ns1:updateUserReturn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:UpdateUserResponse"><ns1:deviceResult><ns1:authenticationResult><ns1:authStatusCode>SUCCESS</ns1:authStatusCode><ns1:risk>0</ns1:risk></ns1:authenticationResult><ns1:callStatus><ns1:statusCode>SUCCESS</ns1:statusCode><ns1:statusDescription></ns1:statusDescription></ns1:callStatus><ns1:deviceData><ns1:bindingType>HARD_BIND</ns1:bindingType><ns1:deviceTokenCookie>PMV66QJ84yt0WNgy4pp1DQY6xTh7lKeTmaMYj1Qf17P4I9%2BOw%2FxkJliLPguyuloMdgQzUrpwtbrhXORfQUgUEKBg17qA%3D%3D</ns1:deviceTokenCookie><ns1:deviceTokenFSO>##################################</ns1:deviceTokenFSO><ns1:lookupLabel>No Label</ns1:lookupLabel></ns1:deviceData></ns1:deviceResult><ns1:identif
</ns1:reasonDescription><ns1:statusCode>200</ns1:statusCode></ns1:statusHeader><ns1:deviceManagementResponse><ns1:acspAccountId>##############</ns1:acspAccountId><ns1:callStatus><ns1:statusCode>SUCCESS</ns1:statusCode><ns1:statusDescription></ns1:statusDescription></ns1:callStatus><ns1:deviceData><ns1:bindingType>HARD_BIND</ns1:bindingType><ns1:lookupLabel>No Label</ns1:lookupLabel></ns1:deviceData></ns1:deviceManagementResponse></ns1:updateUserReturn></ns1:updateUserResponse></soapenv:Body></soapenv:Envelope>]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[ <SOURCETYPE NAME> ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)\d{4}-
TIME_FORMAT=%Y-%m-%d %H:%M:%S,%3N %z
SEDCMD-trim=s/(?ms).*?(\<\?xml.*\>).*/\1/g
KV_MODE=xml
it's OK, I guess.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[ <SOURCETYPE NAME> ]
SHOULD_LINEMERGE=false
LINE_BREAKER=([\r\n]+)\d{4}-
TIME_FORMAT=%Y-%m-%d %H:%M:%S,%3N %z
SEDCMD-trim=s/(?ms).*?(\<\?xml.*\>).*/\1/g
KV_MODE=xml
it's OK, I guess.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
