Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

datetime.xml 2020

riqbal47010
Path Finder
‎12-23-2019 10:55 PM

I am implemented the datetime.xml issue. Now according to article
https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020
I want to validate the change.

I create test.csv file as metioned in above link. now how can I upload and validate in my distributed environment.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎12-23-2019 11:07 PM

@riqbal47010

have you check this?

https://www.youtube.com/watch?v=tIcRvw2zx34

Check step 5 in https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020#Validate_timestam...

Using the Splunk CLI, add the text file you saved earlier as a oneshot monitor to the Splunk platform instance that you want to validate.

$SPLUNK_HOME/bin/splunk add oneshot -source test_file.csv -sourcetype csv -index main

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎12-23-2019 11:07 PM

@riqbal47010

have you check this?

https://www.youtube.com/watch?v=tIcRvw2zx34

Check step 5 in https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020#Validate_timestam...

Using the Splunk CLI, add the text file you saved earlier as a oneshot monitor to the Splunk platform instance that you want to validate.

$SPLUNK_HOME/bin/splunk add oneshot -source test_file.csv -sourcetype csv -index main
0 Karma
Reply
Solved! Jump to solution

riqbal47010
Path Finder
‎12-23-2019 11:57 PM

I gone through all the steps but I have distributed environment.
below are performed steps.

following step#3
On Heavy forwarder I create props.conf file under $SPLUNK_HOME/etc/system/local
[default]
MAX_DAYS_HENCE = 40

after that I add file through step#5

but results are not as expected.

the events time is the time when I am uploading the events.

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎12-24-2019 02:49 AM

Did you executed step 4??

Just for troubleshooting, is it possible to keep local copy in the HF and execute step 5 again. And just check data on HF only.

I found steps For distributed environment please check below link.

https://blog.zivaro.com/splunk-product-timestamp-issue-solution

0 Karma
Reply
Solved! Jump to solution

riqbal47010
Path Finder
‎12-25-2019 05:06 AM

hi kamlesh,

thanks fory your kind support.

I check the video link and found that to see the future date I have to select all times

thanks for your support

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...