- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- timestamps are different in original log and splun...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
timestamps are different in original log and splunk events
Hi,
My sample log which I've loaded in splunk.
[9/12/13 12:42:44:988 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:20:410 EDT] 000000d1 ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:43:28:191 EDT] 0000010a SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:37:347 EDT] 000000de ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:43:37:722 EDT] 000000ce SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:38:066 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:44:50:846 EDT] 000000de SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:45:02:315 EDT] 000000e1 ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:45:56:189 EDT] 0000010a ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:45:57:673 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed
but the splunk shows different timestamps in splunk
9/11/13
7:21:14.400 PM
[9/12/13 12:42:44:988 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:20:410 EDT] 000000d1 ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:43:28:191 EDT] 0000010a SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:37:347 EDT] 000000de ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:43:37:722 EDT] 000000ce SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:43:38:066 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:44:50:846 EDT] 000000de SRTServletRes W WARNING: Cannot set header. Response already committed.
[9/12/13 12:45:02:315 EDT] 000000e1 ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:45:56:189 EDT] 0000010a ColleagueFact I com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl getColleagueByLogonId Inside : com.marsh.coreentity.impl.colleague.ColleagueFactoryImpl.getColleagueByLogonId(String)
[9/12/13 12:45:57:673 EDT] 000000e1 SRTServletRes W WARNING: Cannot set header. Response already committed.
As you can see it shows 9/11/13 7:21:14.400 PM for all these events, the same thing is happening for rest of the entries. Can anyone tell me what's going wrong? and how can I resolve this?
Pradi
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think it's because of your timezone in Splunk system configuration. Also you can try to access splunk with the url en-GB instead of en-US
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk user default timezone.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the upper and the lower lock the same?
Have you checked your Splunk user timezone settings?
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
