https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321576#M59958 <P>Were you able to get this resolved? We're having the same problem and have hundreds of endpoints in different time zones.</P> Tue, 20 Feb 2018 23:21:17 GMT johnebgood 2018-02-20T23:21:17Z https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321575#M59957 <P>I have been having issues modifying the timezone for Mcafee logs. Currently, my logs are indexed as UTC, and I would like to change it to EST. I am currently on dbconnect 3.1.1 and have the Splunk Add-on for Mcafee 2.2.0 installed on my indexers and search heads (Splunk version 6.5.3). I am using the Mcafee template to query the db and the logs show the correct timestamp in Eastern timezone.</P> <P>I've tried the following methods, but have not had success:</P> <P>-adjusting the settings in the JVM option<BR /> -adjust the connections options to UTC and US/Eastern<BR /> -creating a SQL query <BR /> -changing the settings localTimezoneConversionEnabled to true/false</P> <P>Appreciate the help.</P> Sat, 20 Jan 2018 07:24:53 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321575#M59957 rsanders30 2018-01-20T07:24:53Z https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321576#M59958 <P>Were you able to get this resolved? We're having the same problem and have hundreds of endpoints in different time zones.</P> Tue, 20 Feb 2018 23:21:17 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321576#M59958 johnebgood 2018-02-20T23:21:17Z https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321577#M59959 <P>Hello! You can try changing the timezone in props.conf in <CODE>etc/system/local/</CODE></P> <P><A href="https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Propsconf">https://docs.splunk.com/Documentation/Splunk/7.0.2/Admin/Propsconf</A></P> Wed, 21 Feb 2018 04:31:38 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321577#M59959 bangalorep 2018-02-21T04:31:38Z https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321578#M59960 <P>Any updates on this issue? <BR /> I have the same issue after migrating from DBConnect v2 to v3.1.3<BR /> Using Add-on for McAfee 2.2.0<BR /> Our current workaround is to +10hrs to match our timezone, but this wont fly for Daylight savings unless we keep manually changing</P> <P>Temp workaround at top of SQL query:<BR /> SELECT<BR /> dateadd (hour, 10 , [EPOEvents].[ReceivedUTC]) as [timestamp], </P> <P>A permanent solution would be great. Not sure what changed from v2 to v3.1.3<BR /> I have also logged to splunk support so ill see what they come back with.</P> Wed, 13 Jun 2018 01:41:21 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321578#M59960 gerald_contrera 2018-06-13T01:41:21Z https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321579#M59961 <P>So, here are the steps we completed to fix the our timestamp issue. </P> <UL> <LI> We updated our DB Connect to 3.1.1. </LI> <LI>In the db connection configuration settings, we set the timezone to UTC ++00:00. </LI> <LI>We chose the the detected_timestamp column instead of timestamp in our inputs.<BR /></LI> <LI>We didn't modify the props.conf or db_connections.conf files (left as UTC). </LI> <LI>I set my user settings to my timezone. </LI> <LI>No changes were made to the McAfee template query regarding time.</LI> </UL> <P>The events are now showing as my local time. I hope this helps.</P> Wed, 13 Jun 2018 15:53:51 GMT https://community.splunk.com/t5/Getting-Data-In/Setting-correct-timezone-for-mcafee-logs-in-dbconnect/m-p/321579#M59961 rsanders30 2018-06-13T15:53:51Z