https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106596#M22431 <P>Hello,<BR /> i have Splunk on freebsd 8.2 and i collect logs from Cisco Ips with Splunk for Cisco IPS App(using scripted input). Trouble is in timestamps, if event occurs at present moment, i see this event on splunk through some seconds, but with timestamp like this event was one hour ago. On freebsd i have Moscow timezone and correct time, time on Ips corresponds to realtime too, but in Splunk (Manager=&gt;Your account) Moscow timezone is UTC+3, but really Moscow timezone is UTC+4. This is a problem. How can i change timestamps? Or may be somebody knows another solution for this problem.<BR /> P.s. i tryed to change props.conf for this app, may be i forgot something? this is my props.conf<BR /> [source::/opt/splunk/etc/apps/Splunk_CiscoIPS/var/log/ips_sdee.log.192.22.97.82]<BR /> [cisco_ips_syslog]<BR /> TZ = AE</P> Mon, 28 Sep 2020 13:12:57 GMT andrey2007 2020-09-28T13:12:57Z https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106596#M22431 <P>Hello,<BR /> i have Splunk on freebsd 8.2 and i collect logs from Cisco Ips with Splunk for Cisco IPS App(using scripted input). Trouble is in timestamps, if event occurs at present moment, i see this event on splunk through some seconds, but with timestamp like this event was one hour ago. On freebsd i have Moscow timezone and correct time, time on Ips corresponds to realtime too, but in Splunk (Manager=&gt;Your account) Moscow timezone is UTC+3, but really Moscow timezone is UTC+4. This is a problem. How can i change timestamps? Or may be somebody knows another solution for this problem.<BR /> P.s. i tryed to change props.conf for this app, may be i forgot something? this is my props.conf<BR /> [source::/opt/splunk/etc/apps/Splunk_CiscoIPS/var/log/ips_sdee.log.192.22.97.82]<BR /> [cisco_ips_syslog]<BR /> TZ = AE</P> Mon, 28 Sep 2020 13:12:57 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106596#M22431 andrey2007 2020-09-28T13:12:57Z https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106597#M22432 <P>"Moscow timezone is UTC+3, but really Moscow timezone is UTC+4"<BR /> the timezone definition comes from your system TZ tables, double check that your system is up to date on the indexers and search-heads. see in /usr/share/zoneinfo/</P> <P>on linux you can try any timezone conversion of the current time with<BR /> <CODE>date; export TZ=AE; date</CODE></P> Thu, 31 Jan 2013 16:57:40 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106597#M22432 yannK 2013-01-31T16:57:40Z https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106598#M22433 <P>Yes, my system is up to date and with correct time, for testing i have one Splunk instance.</P> Thu, 31 Jan 2013 17:09:26 GMT https://community.splunk.com/t5/Getting-Data-In/How-can-i-change-timestamp-Moscow-Timezone-inexactness/m-p/106598#M22433 andrey2007 2013-01-31T17:09:26Z