Hi Guys,
My log files have events with a timestamp on them, just the time, not the date, but luckily the source name has the date in it, and Splunk automatically identifies the date from the source name and displays it with the events accordingly.
My logs:
10:32:21,453 INFO [2212] abcdxyz
10:32:21,112 INFO [2212] abcdxyz
10:32:22,409 INFO [1121] abcdxyz
Source names:
server-nameA.2013-10-01
server-nameB.2013-10-01
Splunk is showing the events after indexing like this:
2013/10/01 10:32:21,453 INFO [2212] abcdxyz
2013/10/01 10:32:21,112 INFO [2212] abcdxyz
2013/10/01 10:32:22,409 INFO [1121] abcdxyz
But sometimes my log files also have a version number attached to them at the end.
Source names with version number:
server-nameA.2013-10-01.1
server-nameB.2013-10-01.1
Now Splunk is also taking the version number as part of the date, and after indexing my events look like:
2010/10/01 10:33:23,343 INFO [2232] abcdxyz
2010/10/01 10:33:19,144 INFO [2394] abcdxyz
2010/10/01 10:34:23,239 INFO [1943] abcdxyz
I want the date to be 2013/10/01, not 2010/10/01, when the source name is something like server-nameA.2013-10-01.1
I have searched through the internet for an answer, but none of them assured me a valid result. Please, can anyone help me fix this issue?
Many Regards...
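
One way to audit for the mis-dating described in the post above, as an added example that is not part of the original post and not Splunk's own date-detection logic: it derives the expected date from the source name, ignoring a trailing numeric version suffix, and flags indexed timestamps that disagree. The function names and the pairing of sources with events in the sample are assumptions, constructed from the values quoted in the post.

```python
import re
from datetime import datetime

# Date token at the end of the source name, with an optional numeric version
# suffix, e.g. "server-nameA.2013-10-01" or "server-nameA.2013-10-01.1".
SOURCE_DATE = re.compile(r"\.(\d{4}-\d{2}-\d{2})(?:\.\d+)?$")
# Time-only prefix of a raw event, e.g. "10:32:21,453".
EVENT_TIME = re.compile(r"^(\d{2}:\d{2}:\d{2}),(\d{3})\b")


def expected_timestamp(source, raw_event):
    """Combine the date in the source name with the event's own time."""
    d = SOURCE_DATE.search(source)
    t = EVENT_TIME.match(raw_event)
    if not d or not t:
        return None  # source or event does not follow the expected layout
    stamp = f"{d.group(1)} {t.group(1)}.{t.group(2)}"
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")


def find_misdated(rows):
    """Return (source, indexed, expected) for rows whose indexed time is off."""
    bad = []
    for source, indexed, raw in rows:
        want = expected_timestamp(source, raw)
        got = datetime.strptime(indexed, "%Y/%m/%d %H:%M:%S,%f")
        if want is None or want != got:
            bad.append((source, indexed, want))
    return bad


# Constructed sample: (source name, timestamp as indexed, raw event text).
SAMPLE = [
    ("server-nameA.2013-10-01", "2013/10/01 10:32:21,453",
     "10:32:21,453 INFO [2212] abcdxyz"),
    ("server-nameB.2013-10-01", "2013/10/01 10:32:22,409",
     "10:32:22,409 INFO [1121] abcdxyz"),
    ("server-nameA.2013-10-01.1", "2010/10/01 10:33:23,343",
     "10:33:23,343 INFO [2232] abcdxyz"),
]

if __name__ == "__main__":
    for source, indexed, want in find_misdated(SAMPLE):
        print(f"{source}: indexed {indexed}, expected {want}")
```

Timeline reconstruction and correlation searches depend on event time, so a check like this is worth running on an export of indexed events whenever log file naming changes.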