Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Failed to parse timestamp for event

ml96
New Member
‎07-19-2010 09:48 AM

Splunk appeasrs to be failing to index the server.log for our ATG Joss instances. On the Splunk indexer the following warning can be found in the splunkd.log

I am new to using splunk, any help in resolving this would be great.

07-19-2010 08:35:10.835 WARN DateParserVerbose - Failed to parse timestamp for event. Context="source::D:\Deployments\Jboss\jboss-as\server\slot1\log\server.log|host::UAT80ATGCAD01V|JBOSS|remoteport::1071" Text=" at atg.servlet.pipeline.PipelineableServletImpl.passRequest(PipelineableServletImpl.java:116) at a..."

0 Karma
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎08-17-2010 05:41 AM

Given the Text of this event, this means that the timestamper tried to find a timestamp in a line somewhere deep into a logged stack trace. It could have been caused by the forwarder disconnecting from the indexer. Is any data indexed from this source?

0 Karma
Reply

Lowell
Super Champion
‎07-19-2010 01:23 PM

Please "edit" you question and add a sample event to it. It sounds like some part of your indexing logic is incorrect (timestamp recognition, or event breaking) but there is no way to provide any specific help without a specific example.

0 Karma
Reply

ml96
New Member
‎07-19-2010 09:59 AM

I have been looking further into this problem. I am seeing many errors like below in the splunkd.log

07-17-2010 03:20:05.782 ERROR TcpInputProc - Error encountered for connection from host=uat80atgcad01v.comops.uk.tesco.org, ip=172.25.41.100. Winsock error 10054

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...