×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
ptlemos
Engager
Member since: ‎12-13-2022
‎12-14-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎12-13-2022
Activity Feed
View All

Re: Why is Splunk is changing day for month?

by in Splunk Enterprise
‎12-14-2022 03:37 AM
1 Karma
‎12-14-2022 03:37 AM
1 Karma
Thanks for the input, configure props.conf on the indexer and solve the problem. ... View more

Why is Splunk is changing day for month?

by in Splunk Enterprise
‎12-13-2022 07:18 AM
‎12-13-2022 07:18 AM
Hi,   i have an edge server with splunk forward to ship log file to indexer. The log is being indexed but splunk is changing days for months. The events start with the example  17:00:16,965;06-12-2022 17:00:16.740;10.129.150.83; This event is from 6 of december but is indexed as 12 of June. The time field is ok but _time not. I add props.conf at app/local on edge server with the following configs but did not resolve [mbe-cdr] TIME_PREFIX = \d+:\d+:\d+\,\d+\; TIME_FORMAT = %d-%m-%Y %H:%M:%S.%Q   Thanks in advance   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-14-2022 04:54 AM
Karma from
View All
Karma given to
View All