Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
74 results
Sorted by:
01-12-2015
02:32 AM
Hi all!
I have a problem with my log. Some events have only one timestamp, some have two - as in this example : http://docs.splunk.com/Documentation/Splunk/6.2.1/Data/Configure...
- Tags:
- recognition
- timestamp
10-06-2014
07:51 AM
1 Karma
Hi,
I have two different type log files using in Splunk and I do not have any timestamp issue with the first one (date/month/year hout:minute:second). But the other log file timestamp structure i...
01-20-2016
04:31 AM
Hi,
I have a problem with the Splunk timestamp.
I know that when you have a problem with timestamp, you can modify this 2 ways:
1. Add data and modify the timestamp during the steps of a...
11-05-2014
06:20 AM
1 Karma
Hi,
I am trying Splunk and try to evaluate it as a tool for managing the logs of our in-house applications. I am uploading a file with thousands of lines like the following ones (2 sample lines): ...
05-21-2015
09:57 AM
Hi
Until now, I had comma separated text inputs from many of my sources. Using props.conf, I could define the timestamp (e.g. which position and look ahead etc).
However, I anticipate JSON d...
11-23-2014
02:53 PM
We have a firewall sending events to a Splunk indexer via syslog, so we have a section of our inputs.conf file like this:
[tcp://<port over which syslog data is sent>]
connection_host = dns...
10-07-2017
08:55 AM
Hi Folks,
Please anyone help me to configure event linebreaking and timestamp recognition for below format logs.
sample logs:
trc file: "dev_w0", trc level: 1, release: "742"
*
* A...
03-02-2018
09:23 AM
...ation for this?
The logs currently use this variation: 2018-03-02T17:02:09.335Z
What is the recommended way to configure timestamp recognition for the above sample?
01-22-2019
09:11 AM
...eing collected as far back as 1986. I understand that we can utilize a props.conf to configure timestamp recognition on events that are missing identifiable timestamps.
Anyone else have this issue a...
- Tags:
- splunk-enterprise
10-30-2019
07:23 PM
...elated TIME_PREFIX . Perhaps I'm just nitpicking, splitting hairs. Moving on...
From the Splunk docs topic "Configure timestamp recognition", with my additional highlighting:
If you don't s...
