mmodestino,
You're exactly right! The time format in the logs is dd-mm-yyyy and it would appear that Splunk is expecting mm-dd-yyyy. I am a bit puzzled as to why it chose November to do this (as opposed to July or October or whatever). Maybe it's a different default in Splunk 6.5.0 versus the 6.4.x and previous. When I look back in January I see interlaced data for 11-01-2016 and 01-11-2016.
From props.conf:
[application_log]
NO_BINARY_CHECK = 1
maxDist = 75
pulldown_type = 1
REPORT-myname=applicationlogmap
[applicationlogmap]
DELIMS="|"
FIELDS="TimeStamp","ThreadID","LogLevel","ClassName","LogHash","Msg"
I'll read up on how to specify the time/date format and get this resolved. Thanks so much for taking a wild stab! I'll mark your answer as accepted as soon as I verify this works.
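The day-first versus month-first ambiguity this reply describes, as an added example that is not part of the original post: a Python check that reads the first pipe-delimited field (TimeStamp, per the FIELDS list) both ways and reports which events a month-first reading would silently misdate. The sample lines, the time-of-day portion of the format, and the function names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample lines in the page's pipe-delimited layout (TimeStamp first).
# The time-of-day portion is an assumption; the page only gives the date order.
SAMPLE_LINES = [
    "01-11-2016 08:15:02|17|INFO|app.Login|a1f3|user login ok",
    "11-01-2016 23:59:40|04|WARN|app.Cache|9c2e|cache miss",
    "13-11-2016 10:00:00|17|ERROR|app.Db|77b0|timeout",
    "11-11-2016 12:30:00|22|INFO|app.Login|a1f3|user login ok",
]

DAY_FIRST = "%d-%m-%Y %H:%M:%S"    # what the application writes (dd-mm-yyyy)
MONTH_FIRST = "%m-%d-%Y %H:%M:%S"  # what a month-first reader assumes


def classify(line):
    """Return (raw, actual, misread, verdict) for one log line.

    verdict is:
      "misdated" - valid under both orders, but the two dates differ
      "same"     - day == month, so both orders agree
      "rejected" - not a valid month-first date (day > 12)
    """
    raw = line.split("|", 1)[0]
    actual = datetime.strptime(raw, DAY_FIRST)
    try:
        misread = datetime.strptime(raw, MONTH_FIRST)
    except ValueError:
        return raw, actual, None, "rejected"
    verdict = "same" if misread == actual else "misdated"
    return raw, actual, misread, verdict


def audit(lines):
    """Classify every line and count the verdicts."""
    results = [classify(line) for line in lines]
    counts = {}
    for _, _, _, verdict in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return results, counts


if __name__ == "__main__":
    results, counts = audit(SAMPLE_LINES)
    for raw, actual, misread, verdict in results:
        shift = (misread - actual).days if misread else None
        print(f"{raw}  {verdict:9s} shift_days={shift}")
    print(counts)
```

Only dates with a day of 12 or lower can be read month-first at all, which is why events from the first days of November and events from 11 January land on each other's dates.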