Just installed Splunk Enterprise free edition on a Windows 10 computer.
Downloaded a WordPress error log from a decade-old website.
Settings - Add Data - Upload File - uploaded the server error log (365 megs) - clicked through the default settings. Once imported I went back to the search page.
Ran the following command: sourcetype="server-error-log-1" earliest="11/12/2018:0:0:0" latest="09/12/2019:0:0:0"
Time column says: 9/11/19 11:01:00.000 PM
First entry in the event column is:
[13-Jan-2010 23:01:00]
The thing is, the error log was imported on 9/12 and not 9/11.
Did I do something wrong when importing the error log? The error log shows a date of 2010, which is what I want to search.