Hi,
Sorry if this has been asked before but I could do with a quick straightforward answer for this one.
We have a text-based logfile which has each line starting with dd/MM/yy - HH:mm:ss (05/08/11 - 09:51:32).
The problem is that Splunk is reading the date as MM/dd/yy, so our logs are all over the place; over the last 3 days we now have logs for 8th March, 8th April, and 8th May...
The logs are collected by a Universal Forwarder on a Windows server.
Which config file do I need to edit and what do I need to edit it with to get this to start parsing the date correctly?
Many Thanks,
Fraser