The dojo of Splunk. Learn, share, teach, mentor.
-
Jordan Schroeder
- Vancouver
- Canada
- Share
- Share on Twitter
- Share on Facebook
- Blog Posts
- Discussions (2)
- Events
- Videos
Jordan Schroeder's Discussions
custom time series on x-axis
2 Replies
I have a custom app dumping a custom log to file every night that includes all events in that app. Each log entry has a time stamp, but Splunk only indexes the creation date of the file. What Splunk…
Tagged: timechart
Started this discussion. Last reply by Michael Wilde Feb 15.
Jordan Schroeder's Page
Gifts Received
Jordan Schroeder has not received any gifts yet
Latest Activity
If you want splunk to recognize older data, you can put a setting In your props.conf, just add
MAX_DAYS_AGO =
Set that to the number of days, 2190 would be six years. More or less, now you know which way to go.
stop splunk, clean your index (splun…
Update: I was able to use a props.conf file to specify what the timestamp should be, and used
TIME_FORMAT=%m/%d/%Y
Now, anything timestamped before 8/28/2004 isn't being recognized as a timestamp and Splunk is grabbing the date of the log file inst…
I have a custom app dumping a custom log to file every night that includes all events in that app. Each log entry has a time stamp, but Splunk only indexes the creation date of the file.
What Splunk reports is that there are 1000 events at midnight,…
Profile Information
- Are you an existing splunk user?
- Free
- What do you do for your day job?
- Security Analyst
Comment Wall
- No comments yet!
Videos
Latest Splunk Community Postings
© 2010 Created by Michael Wilde.
Powered by 
.
