Hello Everyone!
Thank you for your help. Our indexer currently has standard log4j logs as well as some custom logs. The issue occurs when we search for a log4j log (most of them are in this format): we have redundant time values. For example, my search result will bring:
»17/10/2012 22:12:45.904 [This is the left-hand side time with the dropdown arrow] and then the event shows 22:12:45.904 2012-10-17 22:12:45,904.
Is there any way to remove this redundancy?
Please let me know if this is unclear.
Thank you for your help.
Hello All,
I have figured this out. For all those interested:
I used SEDCMD to accomplish this, giving a regex to match the time from the log4j entry and removing this. I verified that the timing is correct with the entry removed. It seems that this SED removal is done after Splunk indexes the data.
This page was very useful to me. http://docs.splunk.com/Documentation/Splunk/5.0/Data/Anonymizedatausingconfigurationfiles
Thank you all!
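
An added example, not code from the original post: a Python preview of a SEDCMD rule of the kind described above, assuming the raw event begins with a bare time followed by the log4j timestamp, as in the question. The sourcetype `my_log4j`, the class name `drop_dup_time` and the sample events are constructed placeholders; the rule removes the leading time only when it repeats the log4j time exactly.

```python
import re

# Constructed raw events shaped like the one quoted in the question:
# a bare time, then the log4j date/time. Not taken from a real index.
SAMPLE_EVENTS = [
    "22:12:45.904 2012-10-17 22:12:45,904 INFO  [main] app.Service - started",
    # The leading time differs from the log4j time, so it is not redundant.
    "22:12:45.904 2012-10-17 22:12:46,001 WARN  [main] app.Service - slow call",
    # No leading time at all: must pass through untouched.
    "2012-10-17 22:12:47,310 ERROR [main] app.Service - failed",
]

# Leading HH:MM:SS.mmm is dropped only when the log4j timestamp after it
# carries the same time (\1 = HH:MM:SS, \2 = milliseconds).
PATTERN = r"^(\d{2}:\d{2}:\d{2})\.(\d{3}) (\d{4}-\d{2}-\d{2} \1,\2)"
REPLACEMENT = r"\3"


def sedcmd_stanza(sourcetype, name="drop_dup_time"):
    """Render the props.conf stanza; sourcetype and class name are placeholders."""
    return f"[{sourcetype}]\nSEDCMD-{name} = s/{PATTERN}/{REPLACEMENT}/\n"


def apply_sed(event):
    """Apply the substitution once, as s/// without the g flag does."""
    return re.sub(PATTERN, REPLACEMENT, event, count=1)


def preview(events):
    """Return (before, after, changed) tuples for review before deployment."""
    return [(e, apply_sed(e), apply_sed(e) != e) for e in events]


if __name__ == "__main__":
    print(sedcmd_stanza("my_log4j"))
    for before, after, changed in preview(SAMPLE_EVENTS):
        print("CHANGED  " if changed else "UNCHANGED", after)
```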
