Re: date_* fields are being duplicated when only o...

bnolen · ‎11-09-2010

Hi All,

I have a situation where the date_* fields are being duplicated.

This is affecting all events that come from my heavy forwarder to my indexer.

Example screencap below:

woodcock · ‎05-28-2015

This is surely a bug and certainly fixed by now.

bnolen · ‎11-10-2010

if it makes any difference/help:

forwarder version: 4.1.3 build 80534
indexer version: 4.1.4 build 82143

southeringtonp · ‎11-10-2010

Not sure of the cause, but interesting that the date_zone is showing up with two different values...

bnolen · ‎11-10-2010

The search was just:

with the time range restricted to one minute worth of logs.

Lowell · ‎11-10-2010

Can you provide the search that you used in the above example. I suspect this will need to be sent to splunk support.

date_* fields are being duplicated when only one timestamp exists in record