I am not sure how to fix the date extraction from a raw log which is done by default by Splunk. Splunk extracts date by default and it's not doing the year correctly.
This is the raw log:
Jun 21 00:00:32 10.20.14.12 Jun 20 17:00:32 : 2016/06/20 17:00:32 PDT,1,7016505,L2 Poll Failed,0,10596,,LAB,10.18.8.1,,L2 Poll failed to read hosts from LAB.
And this is date that is getting extracted:
6/20/12 5:00:32.000 PM
Anyone knows how to fix it?
↧