I having issue with data due to DST timezone update since 29 March as data is coming one hour late in splunk and due to that we are getting false alert.
Can someone guide me how can we update the timezone in DB connect app? also again do we need to make it to default after DST end?
Appreciating your help.
Is this issue in all of your inputs or only some? Sounds like your timestamp field didn't contain timezone information and for that reason it fails when DST will apply.
here is told how you should select timestamp field from your input to get correct timestamp. https://docs.splunk.com/Documentation/DBX/3.8.0/DeployDBX/Createandmanagedatabaseinputs
On answer which could help or not? It's not an exactly same issue that you have.
Hello @isoutamo ,
Thanks for replying on my query.
I having issue with some of the source type and connection, its not general issue with our env.
If we add the TZ = BST for affected sourcetype/connection but do we need to revert it back once DST end?
And its not feasible way to make changes everytime and have to make it while indexing data.