Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event

nathanlhopkins
Path Finder
‎05-15-2013 03:50 PM

In my Splunkd log for one of our webspheres I'm finding multiple entries with;

DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event ...

Please can anyone advise what might be the fix for this?

Do I need to create my own sourcetype? with props.conf?

Tags (2)
Reply

DavidLago
New Member
‎05-03-2017 09:35 AM

Just insert this line inside your props sourcetype section:

DATETIME_CONFIG = CURRENT
0 Karma
Reply

kml_uvce
Builder
‎05-15-2013 08:59 PM

your timestamp extraction not working properly, make changes in props.conf http://docs.splunk.com/Documentation/Splunk/latest/Admin/Propsconf

-Kamal Bisht

Reply

Michael
Contributor
‎11-30-2016 12:43 PM

geez, how I love RTFM answers...

0 Karma
Reply

nathanlhopkins
Path Finder
‎05-16-2013 07:18 AM

When I use data preview - should I see the issue? Are the green values highlighted the problem or a good match on timestamp?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...