Splunk Announces Important Platform Update for the New Year

Splunk regularly provides software updates and advisories to help maintain the highest performance of our products, which is why we are releasing an important Splunk platform update to ensure all Splunk platform users experience a seamless transition into the upcoming new year. 

Beginning January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year, resulting in data with incorrect timestamps. This impacts all unpatched Splunk platform instance types, on any operating system. To address this, Splunk is providing an updated version of the datetime.xml file for download.

Splunk Cloud customers will receive the update automatically on their Splunk Cloud instances.

For any self-deployed instances, such as heavy and universal forwarders that send data to your Splunk Cloud instance, you must apply one of the following solutions:

  • Download and deploy an app to temporarily replace the defective datetime.xml with the fixed one
  • Download an updated version of datetime.xml and apply it to each of your Splunk platform instances
  • Upgrade Splunk platform instances to a version with an updated version of datetime.xml 
  • Make modifications to existing datetime.xml on your Splunk platform instances

We are working directly with our customers and detailed solutions can be found in the Timestamp release notes.

We realize this is an unexpected but critical update to be addressed and installed before January 1, 2020 and we have a number of support channels to help customers through the process:

Thank you,
Sendur Sellakumar

Posted by Sendur Sellakumar

Sendur Sellakumar is the Senior Vice President, Cloud and Chief Product Officer of Splunk. Sendur is passionate about delivering a multi-product portfolio — helping customers wherever they are on their business journey to help them bridge data into action. Prior to assuming the Chief Product Officer role in June of 2019, Sendur held various key leadership positions at Splunk, including Senior Vice President and Vice President of Cloud from 2017 to 2019 and Vice President, Corporate Development from 2013 to 2017. 

Sendur has a rich background in the financial services industry, as well as engineering. Before joining Splunk, he worked in investment banking at Morgan Stanley and Credit Suisse. Earlier in his career, Sendur held several engineering roles at enterprise technology companies, including Qualcomm and Autodesk. Sendur holds a B.S. from the University of California, San Diego, an M.B.A. from Cornell University and is based in the Bay Area.

