Solved: Timestamp not working on Nessus addon

markusswanepoel · ‎06-19-2014

Hi, I'm quite new to Splunk.

I have imported a few Nesses files into Splunk using the addon, however the start_time and end_time fields are not converted to timestamp fields as per the config (eventgen.conf)file.

The timestamp field shows "none" and the start/end_time fields are considered as strings.
I have tested the regular expression in the default file, and it matches.

Please assist.
Thanks

markusswanepoel · ‎06-19-2014

Update:

I have found a solution, you have to uncomment the following lines in the
/opt/splunk/etc/apps/Splunk_TA_nessus/default/props.conf file.

DATETIME_CONFIG =

TIME_PREFIX = end_time="

TIME_FORMAT = %a %b %d %H:%M:%S %Y

The data is now time searchable. I feel this should've been in the documentation.

View solution in original post

markusswanepoel · ‎06-19-2014

Update:

I have found a solution, you have to uncomment the following lines in the
/opt/splunk/etc/apps/Splunk_TA_nessus/default/props.conf file.

DATETIME_CONFIG =

TIME_PREFIX = end_time="

TIME_FORMAT = %a %b %d %H:%M:%S %Y

The data is now time searchable. I feel this should've been in the documentation.

Timestamp not working on Nessus addon

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes