Received error warning "Failed to parse timestamp.... - Splunk Community

Splunk Search

i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :-

02-23-2016 13:55:38.721 -0500 WARN DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Thu Feb 23 13:55:38 2016). Context: source::xxxxx.log|host:yyyyy|xyz_log|1123

since this warning is from splunkd.log, the timestamp it showing is indexer time. but i want to know what is the event in the source log when the splunkd is throwing this error, so that i can better the understand reason.

Like this:

index=* _indextime=<Convert '02-23-2016 13:55:38.721 -0500' to epoch manually> _time=<Convert 'Thu Feb 23 13:55:38 2016' to epoch manually> source=xxxxx.log host=yyyyy

Start by looking at the _raw for all events where _time = Thu Feb 23 13:55:38 2016
with the given source and host. There shouldn't be more than a couple.

Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...