About brandnew_users

brandnew_users · ‎04-14-2011

well i've found the answer. It seems that splunk does not go back and update any files (iis logs manually copied to the splunk server) that have been added previously to the props.conf change. I've added a new file and hey presto it has the timezone correct. in case anyone else has this issue this worked for me: --blank props.conf file [iis-2] TZ = GMT

brandnew_users · ‎04-13-2011

First up thanks for responding. I'm using a manual file copy while we eval the product. So copied the file from our IIS server to the test splunk server and then ran add new data (iis) and chose file on this server. iis-2 is the sourcetype for the TZ i've tried using GMT and using Africa/Sao_Tome but with no luck on either. My question is, do i have to delete all the data and then readd splunk offset the time on all previously imported data? If it does change all existing data then I must have something wrong with my props.conf file? Thanks again

brandnew_users · ‎04-12-2011

I think i'm going mad. I'm a brand new user who's eval-ing splunk, seems powerful but i'd like to get all my logs in time order to show app + iis events together. I have a IIS 6.0 web and have manually imported the logs into splunk using the add data and choosing iis logs. I've created a blank props.conf file in the \etc\local directory. in that file is only this: [iis-2] TZ = GMT restart splunk and no change. I've also tried: [sourcetype::iis-2] TZ = GMT - even tried using Africa/Sao_Tome i've also wildcarded the iis-2 with iis*. Nothing seems to work. Do i need to delete all the data for the change to take affect? am i missing something -- very likely! thanks in advance for any and all assistance!

Posts	3
Solutions	1
Karma Given	0
Karma Received	1
Member Since	‎04-12-2011

Online Status	Offline
Date Last Visited	‎06-05-2020 02:02 AM

IIS Timezone Help

Re: IIS Timezone Help

Re: IIS Timezone Help

IIS Timezone Help