Hello...
I'm having some trouble indexing some log files because of the format they are in.
Example:
11/12 22:54:31.87:8becc368:02:00:sradisk : verify requests 7629376 (645/sec)
As you can see, there's no year on the date. The format is Month/Date only.
My problem is, Splunk is indexing this like:
12/22/11
10:54:31.800 PM
So, it's getting the hour of the event and using it as the day, getting the month and using it as a year, and the day becomes the month!
I'm wondering if there's a way to solve this, since some of my logs normally do not have the year field.
Thanks a lot,
Thiago