Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

A possible timestamp match outside of the acceptable time window.

jethro_yb
Engager
‎06-27-2013 12:37 AM

06-27-2013 15:30:06.733 +0800 WARN DateParserVerbose - A possible timestamp match (Wed May 10 07:48:27 2000) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::dm_altKpiRAM|host::head2|dm_altKpiRAM|

what's this log mean?
anyone help?

Tags (2)
0 Karma
Reply

dmlee
Communicator
‎06-27-2013 01:06 AM

it means, your event is long long time ago (2000/05/10 ) , exceed MAX_DAYS_AGO ( default 2000 days ) in props.conf , so Splunk warning you , you should check if the time extract setting is correct or not , or you should amend the props.conf to increase MAX_DAYS_AGO ( from 2000 to 4745 e.g.)

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...