I have recently migrated to Splunk cloud and completed the necessary version upgrades to ensure we are compatible with the timestamp issue patching. However, I still have an on-prem instance of Splunk (that is still widely used by teams) that will be de-commissioned in the next few months (upon tying up loose ends with the cloud instance).
I am running version 6.6.3 on-prem. Rather than upgrade to a compatible version, can I simply update the version of datetime.xml and apply it to each on-prem Splunk server to solve the Y2K-timestamp issue?
Obviously, this would be a temporary solution - just long enough to allow me to complete the cloud migration and de-com the on-prem environment. Thanks!
↧