topic Splunk - Server and Application logs timestamps are different in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Splunk-Server-and-Application-logs-timestamps-are-different/m-p/387890#M94566 <P>We have a set of servers where the server Timezone is in PST/PDT but the application running on that server has log timestamps in UTC. We have setup some Alerts on those servers. Due to the timestamp mis-match, the alerts are triggered with the delay of 7 or 8 hours depending on whether Daylight saving is in effect (Since PST = UTC-8 and PDT=UTC-7). Splunk is considering the application log timestamp in PST/PDT and reporting accordingly. <BR /> Is there any way around this? Please suggest.</P> Tue, 19 Jun 2018 12:45:27 GMT vilashegde 2018-06-19T12:45:27Z Splunk - Server and Application logs timestamps are different https://community.splunk.com/t5/Getting-Data-In/Splunk-Server-and-Application-logs-timestamps-are-different/m-p/387890#M94566 <P>We have a set of servers where the server Timezone is in PST/PDT but the application running on that server has log timestamps in UTC. We have setup some Alerts on those servers. Due to the timestamp mis-match, the alerts are triggered with the delay of 7 or 8 hours depending on whether Daylight saving is in effect (Since PST = UTC-8 and PDT=UTC-7). Splunk is considering the application log timestamp in PST/PDT and reporting accordingly. <BR /> Is there any way around this? Please suggest.</P> Tue, 19 Jun 2018 12:45:27 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Server-and-Application-logs-timestamps-are-different/m-p/387890#M94566 vilashegde 2018-06-19T12:45:27Z Re: Splunk - Server and Application logs timestamps are different https://community.splunk.com/t5/Getting-Data-In/Splunk-Server-and-Application-logs-timestamps-are-different/m-p/387891#M94567 <P>Hi @vilashegde,</P> <P>You can set the timezones for events in props conf as mentioned in <A href="https://docs.splunk.com/Documentation/Splunk/7.1.1/Data/Applytimezoneoffsetstotimestamps">Apply timezone offsets to timestamps</A><BR /> This could be done based on the source or sourcetype or host</P> Wed, 20 Jun 2018 13:23:12 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Server-and-Application-logs-timestamps-are-different/m-p/387891#M94567 renjith_nair 2018-06-20T13:23:12Z