Two-digit timestamps in datetime.xml affect Endpoint Detection and Response (EDR) app for Splunk


Article ID: 185096




Endpoint Detection and Response


Splunk recently announced an issue with its datetime.xml file that can affect SEDR customers using the Splunk app starting January 1, 2020. Customers running Splunk on-prem with Symantec’s Splunk app may see problems ingesting SEDR logs from that date unless they update the datetime.xml file on their on-prem Splunk servers.


Details of the Splunk issues and patch options can be found here:

Splunk Cloud customers will receive the fix on their Splunk Cloud instances automatically.