Hey community,
I'm trying to detect the non-English (German) timestamp in a file, but Splunk has problems detecting the localized name of the month.
A sample timestamp is: **26. Oktober 2015** (Notice the K in Oktober)
The used pattern is: **%d. %B %Y**
Changing the format with SED `SEDCMD-test=s/Oktober/October/g` fails, as it seems to be performed after timestamp recognition.
Documentation suggests that it is not possible: (http://docs.splunk.com/Documentation/Splunk/6.0/Data/Configuretimestamprecognition)
*Note: Splunk Enterprise does not currently recognize non-English month names in timestamps. If you have an app that writes non-English month names to log files, reconfigure the app to use numerical months, if possible.*
Does anybody have similar problems or a solution? Changing the timestamp beforehand is unfortunately not possible in the scenario...
Best regards,
Benjamin