SPLUNK PRODUCT TIMESTAMP ISSUE
As you may already be aware, this week Splunk released an advisory to inform clients of a time-sensitive issue identified in all current versions of Splunk Enterprise, Splunk Light and Splunk Cloud. This issue can potentially cause significant data ingestion issues if action is not taken prior to January 1, 2020. We'd like to advise our clients of the need to address this issue before that date.
The Impact
Beginning January 1, 2020, timestamps using two-digit years will stop being correctly recognised and can cause inaccurate, unsearchable or prematurely-deleted data. Full details around this issue, including workaround and product fixes, are documented in the Release Notes for each Splunk verison.
Action Needed
If you are an affected Splunk customer, you should already have received an email notification from Splunk alerting you of the action needed.
Splunk Cloud instances will automatically be updated prior to January 1, 2020. A Splunk Support representative will advise you of an upgrade date.
All Splunk Enterprise and Splunk Light customers and any Splunk Cloud customers using Forwarders, must apply one of the following changes to every impacted instance prior to January 1, 2020 to avoid the issue:
Should you require assistance with applying the fix or upgrading, please contact your account manager or email info@integrity360.com. As always, Integrity360 Managed Security Service customers will already be covered through our proactive security approach.
End of Support Reminder
We’d also like to remind clients that Splunk Enterprise version 6.x & version 7.0 have now gone end of support and should be upgraded to a supported version. If you have not already upgraded and require assistance please contact your account manager. Full Splunk support dates can be found on the Splunk website.