Hi, I searched a lot and found no answer. I have data with the above timestamp and I want to convert it into local time. extract="year, month, day, hour, minute, second, zone" with (\d{4...
I am receiving the logs from the forwarders and can see latency between index time and event time. The difference between index time and event time is about 15 to 16 hours on more than 300 for...
...yslog filters to put any messages from the new IP address in the NIPS folder for monitoring. I have restarted the syslog-ng service and the Splunk service.
I have confirmed the logs are being written t...
...ashboard set-up which calculates the difference between the index time and the actual time.
Since it's a production environment, I assumed that the lag might be due to the reasons below.
The universal for...
I spent a fair amount of time perusing Google and Splunk Answers but couldn't seem to find a solution that made sense... essentially the requirement I have is to display a timestamp in a Splunk d...
I have systems that forward logs via syslog-ng to my Splunk server. Systems are in different TZs, a mix of EDT and GMT; my Splunk server/indexer is in EDT. I have the TZ offset displayed in log e...
...ob-6000 [NISP_JDBC_SIBS_Gateway/ProcessDefinition.process/Group/LogAfter]: Error148
When the data is forwarded to the Splunk server and searched by its index, the Time column was displayed on this k...
...epresents the hour (there is no minute stamp, all data is run on the hour and that field would run from 0 to 23). So the actual timestamp for this event would be 2016-11-17 08:00:00.
I have not yet b...
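The posts above all circle the same failure mode: a timestamp is extracted (year, month, day, hour, minute, second, zone), the zone is ignored or misapplied, and the indexer then shows an event-time vs index-time gap of whole hours. The following is an added example, not code from any of the posts above, showing how to parse such a timestamp with its zone, normalize it to UTC, and classify the lag against an index time so that a zone misparse (a lag that is almost exactly a multiple of an hour) is distinguished from genuine forwarding delay. The log lines are constructed, and the `NAMED_ZONES` table is a hypothetical, deliberately small mapping; in Splunk itself the durable fix is setting `TZ` in `props.conf` for the affected sourcetype or host rather than post-processing like this.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not from the original posts). Each carries a zone
# designator so the offset can be applied instead of assumed.
SAMPLE_LINES = [
    "2016-11-17 08:00:00 +0000 host1 app[123]: started",
    "2016-11-17 08:00:00 -0500 host2 app[456]: started",
    "2016-11-17 03:00:00 PST host3 app[789]: started",
]

# Named groups mirror the extraction fields mentioned in the posts.
TS_RE = re.compile(
    r"(?P<year>\d{4})-(?P<month>\d{2})-(?P<day>\d{2})\s+"
    r"(?P<hour>\d{2}):(?P<minute>\d{2}):(?P<second>\d{2})\s+"
    r"(?P<zone>[+-]\d{4}|[A-Z]{3,4})"
)

# Hypothetical zone table. Abbreviations are ambiguous in general (e.g. "CST"),
# so numeric offsets in the log format are always preferable to this lookup.
NAMED_ZONES = {"UTC": 0, "GMT": 0, "EST": -5, "EDT": -4, "PST": -8, "PDT": -7}


def _naive_fields(m):
    return datetime(
        int(m.group("year")), int(m.group("month")), int(m.group("day")),
        int(m.group("hour")), int(m.group("minute")), int(m.group("second")),
    )


def parse_event_time(line):
    """Return the event time as an aware UTC datetime, or None if unparseable."""
    m = TS_RE.search(line)
    if not m:
        return None
    zone = m.group("zone")
    if zone[0] in "+-":
        sign = 1 if zone[0] == "+" else -1
        offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5])) * sign
    elif zone in NAMED_ZONES:
        offset = timedelta(hours=NAMED_ZONES[zone])
    else:
        return None  # unknown abbreviation: refuse rather than guess
    return _naive_fields(m).replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def parse_ignoring_zone(line):
    """The mistake being diagnosed: treat the wall-clock fields as UTC, dropping the zone."""
    m = TS_RE.search(line)
    if not m:
        return None
    return _naive_fields(m).replace(tzinfo=timezone.utc)


def lag_seconds(event_utc, index_utc):
    """Positive when the event was indexed after its own timestamp."""
    return (index_utc - event_utc).total_seconds()


def classify_lag(seconds, max_expected=300):
    """Separate normal forwarding delay from a zone misparse.

    A zone error shifts the event by a whole number of hours, so the lag lands
    within max_expected seconds of an hour multiple; anything else is plain delay.
    """
    if abs(seconds) <= max_expected:
        return "ok"
    nearest_hour = round(seconds / 3600) * 3600
    if abs(nearest_hour) >= 3600 and abs(seconds - nearest_hour) <= max_expected:
        return "likely timezone misparse"
    return "delayed"


def report(lines, index_utc, parser=parse_event_time):
    """Return (line, lag_seconds, verdict) for every line the parser understood."""
    out = []
    for line in lines:
        ev = parser(line)
        if ev is None:
            continue
        lag = lag_seconds(ev, index_utc)
        out.append((line, lag, classify_lag(lag)))
    return out


if __name__ == "__main__":
    # Constructed index time: 30 s after the -0500 sample event's true UTC instant.
    idx = datetime(2016, 11, 17, 13, 0, 30, tzinfo=timezone.utc)
    for line, lag, verdict in report(SAMPLE_LINES, idx):
        print(f"{verdict:26} lag={lag:>8.0f}s  {line}")
    print("--- same lines with the zone dropped ---")
    for line, lag, verdict in report(SAMPLE_LINES, idx, parser=parse_ignoring_zone):
        print(f"{verdict:26} lag={lag:>8.0f}s  {line}")
```

Running the block with the zone honoured reports the `-0500` line as `ok`; running it with `parse_ignoring_zone` turns the same line into a five-hour lag flagged as a likely timezone misparse, which is the shape of gap the posts above describe. The hour-only data in the last post fits the same pipeline once the hour field is rendered as `HH:00:00` with an explicit zone before extraction.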