cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dozer
Engager
Member since: ‎03-04-2021
‎04-20-2021
Community Statistics
Posts 2
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎03-04-2021
View All

Re: For a subset of hosts _time is the same for ev...

by in Getting Data In
‎04-20-2021 09:18 AM
‎04-20-2021 09:18 AM
Adding DATETIME_CONFIG = CURRENT to props ended up correcting it for those three. Still was not able to determine what config was actually responsible for causing the issue. ... View more

For a subset of hosts _time is the same for every ...

by in Getting Data In
‎03-04-2021 06:09 AM
‎03-04-2021 06:09 AM
I have a particular feed with 24 appliances that send their data via rest call over 8089 to a heavy forwarder which is then forwarded to the indexing cluster and indexed.  For every event for every appliance, _time is correct with the exception of three appliances. For those three appliances however, regardless of when the events are generated, _time is always 3:55:40.000 AM for appliance one, 3:25:00.000 AM for appliance two, and 3:58:00.000 AM for appliance three. And again, the other 21 appliances that send the exact same way are not having this issue. My original thought was that it was a config issue with those three appliances. But the team that manages them confirmed they were all configured the same. I have not been able to find any clues on the splunk side as to why this may be happening. Any help would be appreciated. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-20-2021 09:19 AM
Karma given to
View All