Hi,
I am using Splunk for the first time.
I tried looking for the answer in the blogs; however, the answers were not able to help me.
I have a problem: when I am running a search in Splunk, it is not taking the correct timestamp for some of my log files.
For example: for date 5/06/12 -- 5th June, it is returning data as 6th May, and for 07/06/12 -- it is giving the correct data. However, at times it is not giving data in 5th June or 6th May. So, in short, it is behaving inconsistently.
This is the timestamp from sample log file:
RTS_WS974 05/06/12 01:47:40.722 [20:23:48.870]
I tried updating the props.conf file with this:
TIME_FORMAT = %d/%m/%y %k:%M:%S
for all occurrences of TIME_FORMAT in the conf file; however, I am still facing the same issue.
Any help would be highly appreciated.
Regards,
Shweta