Scribd Logo
Upload

Welcome to Scribd!

  • Use Case-9 - Troubleshooting

    Uploaded by

    junaid
    2 views5 pages
    The document discusses troubleshooting timestamp issues in Splunk where all events are showing the same timestamp. It describes a scenario where the event timestamp and _time field do not match due to the event timestamp not being in the standard format. It provides a solution of configuring a custom timestamp format in the sourcetype definition in the props.conf file to resolve the mismatch.

    Original Description:

    Original Title

    Use case-9 - Troubleshooting

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses troubleshooting timestamp issues in Splunk where all events are showing the same timestamp. It describes a scenario where the event timestamp and _time field do not match due to the event timestamp not being in the standard format. It provides a solution of configuring a custom timestamp format in the sourcetype definition in the props.conf file to resolve the mismatch.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views5 pages

    Use Case-9 - Troubleshooting

    Uploaded by

    junaid
    The document discusses troubleshooting timestamp issues in Splunk where all events are showing the same timestamp. It describes a scenario where the event timestamp and _time field do not match due to the event timestamp not being in the standard format. It provides a solution of configuring a custom timestamp format in the sourcetype definition in the props.conf file to resolve the mismatch.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Splunk Enterprise

    Troubleshooting
    Use Cases

    9
    Soft Mania

    Timestamp Issues
    Issue: Event timestamp & _time field
    is not matching
    Scenario-1: All events are showing
    same Timestamp (current timestamp)

    2024-03-01 20:12:12
    2024-03-01 20:12:12
    2024-03-01 20:12:12
    2024-03-01 20:12:12
    2024-03-01 20:12:12
    2024-03-01 20:12:12

    @SoftMania #SoftMania
    Soft Mania

    Timestamp Issues
    Root Cause:
    Event timestamp is not in the standard format.

    Sun_Jan29 122443 EST-05:00 2024 2024-03-01 20:12:12

    Sun_Jan29 122445 EST-05:00 2024 2024-03-01 20:12:12


    Sun_Jan29 122448 EST-05:00 2024 2024-03-01 20:12:12
    Sun_Jan29 122653 EST-05:00 2024 2024-03-01 20:12:12
    Sun_Jan29 122958 EST-05:00 2024 2024-03-01 20:12:12
    Sun_Jan29 123558 EST-05:00 2024 2024-03-01 20:12:12

    @SoftMania #SoftMania
    Soft Mania

    Data Forwarding Issues


    Solution:
    Configure your custom timestamp format in
    the sourcetype, as shown below in
    props.conf file

    @SoftMania #SoftMania

    You might also like