bitsIO

7 date formats impacted in Splunk starting 2020

You all must have heard of Splunk datetime recognition issues starting Jan 1st 2020. Below is visual representations of the date formats using regex that are impacted. You will have to change datetime.xml file in /opt/splunk/etc directory. You can see how the change impacts, please check Before & After the change.

Date format 1: CCYY

Date format 2: YY

Date format 3: CCYYMMDD

Date format 4: YYMMDD

Date format 5: MMDDCCYY

Date format 6: MMDDYY

Date format 7: UTC epoch time

Here is how to fix this, it’s very well documented at Splunk.

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

Click To Share the Blog Post:

Leave Us A Reply Cancel Reply

7 date formats impacted in Splunk starting 2020

Decoding Index definitions in Splunk

Subscribe Our Newsletter

Search

Categories

Most Popular

7 date formats impacted in Splunk starting 2020

how to install splunk on linux

Tutorials

How To Install Splunk On Your Linux Distribution

how to install splunk on ubuntu

Tutorials

How To Install Splunk 8.0 On Ubuntu In Just 5 Minutes

thumbnail with splunk and centos logos

Tutorials

4 Simple Steps To Install Splunk On CentOS 7

bitsIO presents at Banktech Conference