bitsIO

7 date formats impacted in Splunk starting 2020

You all must have heard of Splunk datetime recognition issues starting Jan 1st 2020. Below is visual representations of the date formats using regex that are impacted. You will have to change datetime.xml file in /opt/splunk/etc directory. You can see how the change impacts, please check Before & After the change.

Date format 1: CCYY

Date format 2: YY

Date format 3: CCYYMMDD

Date format 4: YYMMDD

Date format 5: MMDDCCYY

Date format 6: MMDDYY

Date format 7: UTC epoch time

Here is how to fix this, it’s very well documented at Splunk.

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

Click To Share the Blog Post:

Leave Us A Reply Cancel Reply

bitsIO Splunk

General

bitsIO wishes you Happy Holidays

date time xml splunk

General

7 date formats impacted in Splunk starting 2020

Subscribe Our Newsletter

Search

Categories

Most Popular

bitsIO Splunk

RBA

How to get started on RBA with ES

bitsIO Splunk

General

bitsIO wishes you Happy Holidays

date time xml splunk

General

7 date formats impacted in Splunk starting 2020

how to install splunk on linux

Tutorials

How To Install Splunk On Your Linux Distribution

how to install splunk on ubuntu

Tutorials

How To Install Splunk 8.0 On Ubuntu In Just 5 Minutes