About tstewart

tstewart

Thank you! Adding the TIME_PREFIX and TIME_FORMAT fixed the issue. I also added the MAX_TIMESTAMP_LOOKAHEAD and TZ as well.

tstewart · ‎04-02-2026

Hello, I recently enabled a SolarWinds alert in the inputs.conf on the heavy forwarder. The data is now ingesting into Splunk, but the timestamps are appearing in UTC instead of local time. The interval is set to 899. All other SolarWinds alerts ingesting into Splunk are showing the correct local time, so this issue seems isolated to the newly enabled alert. Any guidance on what might cause this specific alert to default to UTC—whether related to the alert configuration, timestamp parsing, or a missing props/transforms setting—would be appreciated.

tstewart · ‎12-05-2024

Thanks PeteAve! I'll try that and see what happens.....

tstewart · ‎12-05-2024

Is this bug this an ongoing issue???? We have upgraded to version 9.3.1 and receives Forwarder Ingestion Latency message. Stating "Root Cause(s) Indicator "ingestion_latency_gap_multipilier' exceeded configured value. The observed value is 1362418. Unhealthy instances: Indexer3. If this bug is still ongoing, can someone please "post the workaround"?? Thanks in advance!!

Posts	4
Solutions	1
Karma Given	2
Karma Received	2
Member Since	‎12-05-2024

Online Status	Offline
Date Last Visited	a month ago

Correcting ingesting timestamp for Solarwinds aler...

Re: Correcting ingesting timestamp for Solarwinds ...

Correcting ingesting timestamp for Solarwinds aler...

Re: Why are we receiving this ingestion latency er...

Re: Why are we receiving this ingestion latency er...

Join the Conversation

Correcting ingesting timestamp for Solarwinds aler...

Re: Correcting ingesting timestamp for Solarwinds ...

Correcting ingesting timestamp for Solarwinds aler...

Re: Why are we receiving this ingestion latency er...

Re: Why are we receiving this ingestion latency er...