Splunk Announces Important Platform Update for the New Year

Splunk regularly provides software updates and advisories to help maintain the highest performance of our products, which is why we are releasing an important Splunk platform update to ensure all Splunk platform users experience a seamless transition into the upcoming new year. 

Beginning January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year, resulting in data with incorrect timestamps on any operating system. This impacts all un-patched Splunk platform instance types, on any operating system. To address this, Splunk is providing an updated version of the datetime.xml file for download. 

Splunk Cloud customers will receive the update automatically on their Splunk Cloud instances.

For any self-deployed instances, such as such as heavy and universal forwarders that send data to your Splunk Cloud instance, you must perform one of the following solutions:

  • Download and deploy an app to temporarily replace the defective datetime.xml with the fixed one
  • Download an updated version of datetime.xml and apply it to each of your Splunk platform instances
  • Upgrade Splunk platform instances to a version with an updated version of datetime.xml 
  • Make modifications to existing datetime.xml on your Splunk platform instances

We are working directly with our customers and detailed solutions can be found in the Timestamp release notes.

We realize this is an unexpected but critical update to be addressed and installed before January 1, 2020 and we have a number of support channels to help customers through the process:

Thank you,
Sendur Sellakumar

Sendur Sellakumar

Posted by


Show All Tags
Show Less Tags