double date in log

supernana · ‎10-17-2012

recently i notice log send by my switch to splunk is indexed by double date & time format, my switch date and my splunk date. for example

Oct 18 01:12:36 172.16.12.6 Oct 18 01:11:36 SW-NUS1-LT12A SW-NUS1-LT12A: last message repeated 66 times

as far i remember when i first install splunk it didnt format like this, thx

supernana · ‎10-18-2012

it doesnt work, still the same, strangely it only happen to my juniper ex switch

Ayn · ‎10-18-2012

From inputs.conf documentation:

no_appending_timestamp = [true|false]
* If this attribute is set to true, Splunk does NOT append a timestamp and host to received events.
* NOTE: Do NOT include this attribute if you want to append timestamp and host to received events.
* Default is false.

http://docs.splunk.com/Documentation/Splunk/5.0/Admin/Inputsconf

supernana · ‎10-18-2012

the log i see in my splunk server is like this

Oct 18 01:12:36 172.16.12.6 Oct 18 01:11:36 SW-NUS1-LT12A SW-NUS1-LT12A: last message repeated 66 times

Which is if you see it have double date "Oct 18 01:12:36 172.16.12.6 Oct 18 01:11:36" data,
as far i remember when i first install splunk the log is only have one timestamp

bmacias84 · ‎10-17-2012

@supernana, I am not sure what your question is?

double date in log

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio