https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201696#M21163 <P>Hi<BR /> Do you mean you want the time to show in 24h clock instead 12h clock? in other words in your example that would be 19:00 instead of 7PM?<BR /> If this is the case you can do so by changing the locale. Here are some useful links: <BR /> <A href="https://answers.splunk.com/answers/10643/time-format-for-results-in-en-us-vs-en-gb.html">https://answers.splunk.com/answers/10643/time-format-for-results-in-en-us-vs-en-gb.html</A><BR /> <A href="https://answers.splunk.com/answers/12509/possible-to-set-user-interface-to-show-24-clock.html">https://answers.splunk.com/answers/12509/possible-to-set-user-interface-to-show-24-clock.html</A></P> Mon, 28 Dec 2015 18:43:18 GMT ehaddad_splunk 2015-12-28T18:43:18Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201695#M21162 <P>Running the Splunk Add-on for Netflow on a Linux server so it can translate the data and forward it to our main Splunk instance running on Windows. The Netflow data on the Linux box looks something like this for date and time:</P> <PRE><CODE>1969-12-31 19:00:00,1969-12-31 19:00:00,0.000 </CODE></PRE> <P>This then gets sent over to our indexer (Windows box) and it stamps it with the right date, but the time it stamps it with is 7PM. What can I adjust in the Netflow add-on or on the indexer to get it to stamp it with the correct times?</P> Mon, 28 Dec 2015 18:18:02 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201695#M21162 jeffrey2015 2015-12-28T18:18:02Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201696#M21163 <P>Hi<BR /> Do you mean you want the time to show in 24h clock instead 12h clock? in other words in your example that would be 19:00 instead of 7PM?<BR /> If this is the case you can do so by changing the locale. Here are some useful links: <BR /> <A href="https://answers.splunk.com/answers/10643/time-format-for-results-in-en-us-vs-en-gb.html">https://answers.splunk.com/answers/10643/time-format-for-results-in-en-us-vs-en-gb.html</A><BR /> <A href="https://answers.splunk.com/answers/12509/possible-to-set-user-interface-to-show-24-clock.html">https://answers.splunk.com/answers/12509/possible-to-set-user-interface-to-show-24-clock.html</A></P> Mon, 28 Dec 2015 18:43:18 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201696#M21163 ehaddad_splunk 2015-12-28T18:43:18Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201697#M21164 <P>No, it is more like the time itself is way off the line above was captured about 30 minutes ago. The correct time should have been 1:07PM EST.</P> Mon, 28 Dec 2015 18:46:26 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201697#M21164 jeffrey2015 2015-12-28T18:46:26Z https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201698#M21165 <P>I encountered this same issue when collecting Netflow v9. However, when using v5, it sets the correct timestamp. I think there's an issue with nfdump that comes with this add-on. </P> Sun, 24 Jan 2016 22:45:42 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/How-to-configure-the-Splunk-Add-on-for-Netflow-or-indexer-to/m-p/201698#M21165 thejohn 2016-01-24T22:45:42Z