Splunk Announces Important Platform Update for the New Year

Splunk regularly provides software updates and advisories to help maintain the highest performance of our products, which is why we are releasing an important Splunk platform update to ensure all Splunk platform users experience a seamless transition into the upcoming new year. 

Beginning January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year, resulting in data with incorrect timestamps on any operating system. This impacts all un-patched Splunk platform instance types, on any operating system. To address this, Splunk is providing an updated version of the datetime.xml file for download. 

Splunk Cloud customers will receive the update automatically on their Splunk Cloud instances.

For any self-deployed instances, such as such as heavy and universal forwarders that send data to your Splunk Cloud instance, you must perform one of the following solutions:

  • Download and deploy an app to temporarily replace the defective datetime.xml with the fixed one
  • Download an updated version of datetime.xml and apply it to each of your Splunk platform instances
  • Upgrade Splunk platform instances to a version with an updated version of datetime.xml 
  • Make modifications to existing datetime.xml on your Splunk platform instances

We are working directly with our customers and detailed solutions can be found in the Timestamp release notes.

We realize this is an unexpected but critical update to be addressed and installed before January 1, 2020 and we have a number of support channels to help customers through the process:

Thank you,
Sendur Sellakumar

Sendur Sellakumar
Posted by

Sendur Sellakumar

Sendur Sellakumar has served as our Senior Vice President of Cloud and Chief Product Officer since 2019. Prior to this role, Mr. Sellakumar served as Splunk’s Senior Vice President and Vice President of Cloud from 2017 to 2019. From 2013 to 2017 he served as Vice President, Corporate Development. Before joining Splunk, Mr. Sellakumar worked in the financial services industry in investment banking from 2007 to 2013 at Morgan Stanley and Credit Suisse. Earlier in his career, Mr. Sellakumar held several engineering roles at enterprise technology companies, including Qualcomm and Autodesk. Mr. Sellakumar holds a B.S. from the University of California, San Diego, and an M.B.A. from Cornell University and is based in the California Bay Area.


Splunk Announces Important Platform Update for the New Year

Show All Tags
Show Less Tags

Join the Discussion