Received error warning "Failed to parse timestamp.... - Splunk Community

Splunk Search

i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :-

02-23-2016 13:55:38.721 -0500 WARN DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Thu Feb 23 13:55:38 2016). Context: source::xxxxx.log|host:yyyyy|xyz_log|1123

since this warning is from splunkd.log, the timestamp it showing is indexer time. but i want to know what is the event in the source log when the splunkd is throwing this error, so that i can better the understand reason.

Like this:

index=* _indextime=<Convert '02-23-2016 13:55:38.721 -0500' to epoch manually> _time=<Convert 'Thu Feb 23 13:55:38 2016' to epoch manually> source=xxxxx.log host=yyyyy

Start by looking at the _raw for all events where _time = Thu Feb 23 13:55:38 2016
with the given source and host. There shouldn't be more than a couple.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers, So you searched, “what is the name of the usb key inserted by bob smith?” Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...