https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447221#M95447 <P>Thanks for the explanation. I am not blaming splunk for anything, just trying to understand so it can utilized in correct manner. <BR /> With the explanation you are giving, it seems the source log file is logging in EST, that would mean the server which I assumed was in GMT is in fact in EST location. So, I need to change my account settings to EST then, to get consistent logs.<BR /> I will try this and see if it helps in finding old logs in appropriate date time range.</P> Sat, 16 Mar 2019 17:48:10 GMT gsonal03 2019-03-16T17:48:10Z https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447219#M95445 <P>I am trying to debug issues related to delay in splunk forwarding or indexing in a separate splunk query "<A href="https://answers.splunk.com/answers/730136/why-are-our-splunk-indexes-not-showing-all-log-ent.html">https://answers.splunk.com/answers/730136/why-are-our-splunk-indexes-not-showing-all-log-ent.html</A>. But I would like to understand how the display of raw logs are governed, so opening a new ticket.</P> <P>Attached below is a mockup of how I see logs in raw format and account settings. I have my account settings configured to GMT timezone. When I search any logs in raw format, I see each log entry beginning with EST timestamp. When I expand it, I see _time field showing time in GMT format.<BR /> How and where can I change the settings for the log entry so that it remains consistent and I can debug correct time period to view logs . The servers from where we are forwarding the logs is also in GMT time as far as I know.<BR /> Time-mockup: <span class="lia-inline-image-display-wrapper" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/6728i0875D4C9FDD765F1/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span> </P> Sat, 16 Mar 2019 16:54:17 GMT https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447219#M95445 gsonal03 2019-03-16T16:54:17Z https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447220#M95446 <P>There is no such thing as <CODE>time displayed in logs</CODE>; there is only <CODE>text displayed in logs</CODE> so the thing that you see in the raw event is the unmodified text the way that the event came in.</P> <P>Do you see the <CODE>Raw v</CODE> that is above <CODE>Event</CODE> that is above your timestamp?<BR /> Click on that and change it to <CODE>List</CODE>. You will then see a new column called <CODE>Time</CODE> between <CODE>i</CODE> and <CODE>Event</CODE> that shows the event's timestamp adjusted to your user's <CODE>Time zone</CODE> setting. BTW, <CODE>List</CODE> is the default so at some point you changed this (or somebody logged in as you), so don't blame Splunk!</P> Sat, 16 Mar 2019 17:32:34 GMT https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447220#M95446 woodcock 2019-03-16T17:32:34Z https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447221#M95447 <P>Thanks for the explanation. I am not blaming splunk for anything, just trying to understand so it can utilized in correct manner. <BR /> With the explanation you are giving, it seems the source log file is logging in EST, that would mean the server which I assumed was in GMT is in fact in EST location. So, I need to change my account settings to EST then, to get consistent logs.<BR /> I will try this and see if it helps in finding old logs in appropriate date time range.</P> Sat, 16 Mar 2019 17:48:10 GMT https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447221#M95447 gsonal03 2019-03-16T17:48:10Z https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447222#M95448 <P>You've got it.</P> Sat, 16 Mar 2019 17:50:59 GMT https://community.splunk.com/t5/Getting-Data-In/What-time-is-displayed-in-raw-splunk-logs/m-p/447222#M95448 woodcock 2019-03-16T17:50:59Z