
7 Splunk Date Format Changes Beginning in 2020
You have probably heard about the Splunk datetime recognition issues that begin on Jan 1st 2020. Below are visual representations, using regex, of the date formats that are impacted. You will have to change the datetime.xml file in the /opt/splunk/etc directory. To see how the change affects each format, compare the Before and After views.
Date format 1: CCYY
Date format 2: YY
Date format 3: CCYYMMDD
Date format 4: YYMMDD
Date format 5: MMDDCCYY
Date format 6: MMDDYY
Date format 7: UTC epoch time
Here is how to fix this; it is very well documented by Splunk:
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
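To see which of your own events would be affected, the following added example (not Splunk's code and not taken from datetime.xml) runs constructed sample events through a "before" and an "after" pattern for the six year-bearing layouts listed above. The year ranges in both patterns, and every name in the script, are assumptions chosen to illustrate a year sub-pattern that stops at 2019.

```python
import re

# Simplified stand-ins for the year sub-pattern, NOT the contents of datetime.xml.
# Assumption: "before" stops recognising years after 2019 (or 19); "after" does not.
YEAR = {
    "before": {"CCYY": r"(?:19\d\d|20[01]\d)", "YY": r"(?:9\d|[01]\d)"},
    "after": {"CCYY": r"(?:19\d\d|20\d\d)", "YY": r"\d\d"},
}
MM = r"(?:0[1-9]|1[0-2])"
DD = r"(?:0[1-9]|[12]\d|3[01])"

# The six year-bearing layouts from the list above (epoch time is left out).
LAYOUTS = {
    "CCYY": "{CCYY}",
    "YY": "{YY}",
    "CCYYMMDD": "{CCYY}{MM}{DD}",
    "YYMMDD": "{YY}{MM}{DD}",
    "MMDDCCYY": "{MM}{DD}{CCYY}",
    "MMDDYY": "{MM}{DD}{YY}",
}

def compile_layout(variant, layout):
    """Build the regex for one layout; digits on either side must not touch it."""
    body = LAYOUTS[layout].format(MM=MM, DD=DD, **YEAR[variant])
    return re.compile(r"(?<!\d)" + body + r"(?!\d)")

def recognised(variant, layout, text):
    return compile_layout(variant, layout).search(text) is not None

def regressions(samples):
    """Events the 'after' pattern timestamps but the 'before' pattern misses."""
    return [(layout, text) for layout, text in samples
            if recognised("after", layout, text)
            and not recognised("before", layout, text)]

# Constructed sample events, one timestamp each.
SAMPLES = [
    ("CCYYMMDD", "20191231 host=a"), ("CCYYMMDD", "20200101 host=a"),
    ("YYMMDD", "191231 host=a"), ("YYMMDD", "200101 host=a"),
    ("MMDDCCYY", "01012020 host=a"), ("MMDDYY", "123119 host=a"),
]

if __name__ == "__main__":
    for layout, text in regressions(SAMPLES):
        print(f"{layout:9} not recognised before the change: {text!r}")
```

Replace `SAMPLES` with lines from your own sourcetypes to see which layouts in your data carry a year that the narrower pattern would miss.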