Hi,
How do I display the correct syslog event timestamp in Splunk?
This is the syslog event timestamp when displayed in Splunk with no_priority_stripping=true:
2019-11-14T14:34:02-08:00
I want to display it like 11/14/2019 14:34:02.
Below is the syslog event message:
<134>1 2019-11-14T14:34:02-08:00 CPM-1600-1-ECM-ITLAB server - - [meta sequenceId="39" enterpriseId="2634.1.17.16" vendorId="WTI"] CPM: CPM-1600-1-ECM-ITLAB, (AUDIT LOG) DATE-TIME: 11/14/19 14:34:02, USERNAME: super LOGOUT By /X SSH Port 22
host = CPM-1600-1-ECM-ITLAB source = udp:514 sourcetype = syslog
Looking forward to someone who can help resolve this issue.
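One way to handle this, as an added example that is not part of the original post: pin the timestamp extraction to the RFC 5424 header so Splunk takes the offset-bearing `2019-11-14T14:34:02-08:00` and not the year-less `DATE-TIME: 11/14/19 14:34:02` inside the message body, then format the display at search time. It assumes the events arrive with sourcetype=syslog as shown in the post; the `[syslog]` stanza, the `TIME_PREFIX` regex and the lookahead value are choices made for this example, not settings from the poster's deployment.

```ini
# props.conf on the Splunk instance that parses udp:514 (added example, not from the original post)
# Assumed: sourcetype=syslog as in the post. This stanza changes parsing for every event of that
# sourcetype, so a dedicated sourcetype for the WTI device is the safer place for it.
[syslog]
# keep the <134> priority so the RFC 5424 header stays intact, as the poster already has it
no_priority_stripping = true
# start timestamp extraction right after "<PRI>1 " (the header version field), so Splunk
# does not latch onto the second, year-less date in the AUDIT LOG body
TIME_PREFIX = ^<\d+>1\s
# matches 2019-11-14T14:34:02-08:00 : ISO 8601 with a colon-separated UTC offset
TIME_FORMAT = %Y-%m-%dT%H:%M:%S%:z
# the header timestamp is 25 characters; do not scan further into the event
MAX_TIMESTAMP_LOOKAHEAD = 25
```

With `_time` anchored to the header, the display format is a search-time concern: `| eval time_display=strftime(_time, "%m/%d/%Y %H:%M:%S")` renders the sample event as `11/14/2019 14:34:02` when the searching user's time zone preference is set to the device's zone (UTC-8); with a different user preference the hour shifts accordingly, because the `-08:00` offset from the header is preserved in `_time` rather than discarded. Keeping that offset is what lets a logout audit record like this one line up with events from devices in other zones during an investigation.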