Hey community, Need your help!!!! We have lot of internal warn logs for DateParserverbose issue in our splunk prod environment despite passing correct values in TIME_FORMAT, TIME_PREFIX and MAX_TIMESTAMP_LOOKAHEAD attributes in our props.conf. I have listed down warn logs, sample logs and props.conf for your reference. e.g internal warn log- Failed to parsetimestamp in first MAX_TIMESTAMP_LOOKAHEAD (30) characters of event. Defaulting to timestamp of previous event for sourcetype-test Sample raw event logs: Mar 1 07:31:00 xxxxxxx info-message(time=2023-03-01T07:31:00.137, appname=abc, user=john, server=xxx, port=123, msg=logged in) [] [logger] [https:xxxx] Mar 1 08:29:33 xxxxxxx info-message(time=2023-03-01T08:29:33.135, appname=abc, user=moon, server=yyy, port=897, msg=logged in) [] [logger] [https:xxxx] Below is our props and transforms that is used to ingest only clean & required logs to splunk prod: [sourcetype-test] SHOULD_LINEMERGE = false LINE_BREAKER = (time\=)|\w+\s+\d+\s+\d+:\d+:\d+|\) TIME_PREFIX = ^ TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3QZ MAX_TIMESTAMP_LOOKAHEAD = 32 TRANSFORMS-test = test_null, test_parsing [test_null] REGEX = . DEST_KEY = queue FORMAT = nullQueue [test_parsing] REGEX = appname DEST_KEY = queue FORMAT = indexQueue Below are the clean log samples that are ingested to splunk as expected but when I check for internal logs for this sourcetype I am seeing lot of warnings for DateParserverbose. So, just wanted to know 1) why there are warn logs when time related settings are correct and is there any way out to fix my props configs to avoid warn logs related to DateParserverbose ? time=2023-03-01T07:31:00.137, appname=abc, user=john, server=xxx, port=123, msg=logged in time=2023-03-01T08:29:33.135, appname=abc, user=moon, server=yyy, port=897, msg=logged in Thanks in advance!! ... View more