Hello!
I have log contains time-date in Unix Epoch format (milliseconds).
One event fragments is:
04,013c5f8ecc0f,013c5f8ecd04,0038af,...
Desired date is contained in column 3 (013c5f8ecd04).
During indexing process Splunk some date perceive correctly, and some not. This values (013c5f8ecd04) Splunk understand as 11/28/11 10:53:54.000 PM. It is incorrect.
Necessary to date indexing perceived correctly.
How can this be done?
Best regards,
Roman
... View more