Our blog

7 date formats impacted in Splunk starting 2020

Blog Image

7 date formats impacted in Splunk starting 2020

November 28, 2019 | bitsIO | Comments Off on 7 date formats impacted in Splunk starting 2020 |

You all must have heard of Splunk datetime recognition issues starting Jan 1st 2020. Below is visual representations of the date formats using regex that are impacted. You will have to change datetime.xml file in /opt/splunk/etc directory. You can see how the change impacts, please check Before & After the change.

Date format 1: CCYY

Date format 2: YY

splunk datetime xml format

Date format 3: CCYYMMDD

Date format 4: YYMMDD

Date format 5: MMDDCCYY

Date format 6: MMDDYY

Date format 7: UTC epoch time

date time xml splunk

Here is how to fix this, it’s very well documented at Splunk.

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

Search Here

Latest Posts

Cyber Security

Cyber Security Investigations Made Simple

January 29, 2019

bitsIO is now Elite Splunk partner

February 28, 2019
splunk IoT bitsIO

IOT – New insights from sensors, devices and industrial control systems

April 22, 2019

Categories

bitsIO (3) Corporate (5) education (1) General (6) Internet of Things (1) RBA (1) Splunk (9) Tutorials (3) Uncategorized (1)

Tags

Applications Covid19 guide linux Multifactor authentification RBA remote vpn Remote Work security Splunk terminal ubuntu Web WFH