Our blog

7 Splunk Date Format Changes Beginning in 2020

Blog Image

7 Splunk Date Format Changes Beginning in 2020

November 28, 2019 | bitsIO | Comments Off on 7 Splunk Date Format Changes Beginning in 2020 |

You all must have heard of Splunk datetime recognition issues starting Jan 1st 2020. Below is visual representations of the date formats using regex that are impacted. You will have to change datetime.xml file in /opt/splunk/etc directory. You can see how the change impacts, please check Before & After the change.

Date format 1: CCYY

Date format 2: YY

splunk datetime xml format

Date format 3: CCYYMMDD

Date format 4: YYMMDD

Date format 5: MMDDCCYY

Date format 6: MMDDYY

Date format 7: UTC epoch time

date time xml splunk

Here is how to fix this, it’s very well documented at Splunk.

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

Search Here

Latest Posts

bitsIO, Inc. Named A Splunk Elite Partner

February 28, 2019
Blog Image

7 Splunk Date Format Changes Beginning in 2020

November 28, 2019
splunk IoT bitsIO

Insights from Internet of Things

April 22, 2020

Categories

bitsIO (3) Corporate (6) education (2) General (6) Internet of Things (1) MSSP (3) RBA (1) Splunk (13) Tutorials (4) Uncategorized (1)

Tags

Applications Covid19 guide linux Multifactor authentification RBA remote vpn Remote Work security Splunk terminal ubuntu Web WFH