All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to index the message trace report with local timestamp

dwangfeng
Engager
‎05-25-2018 12:03 PM

I can use microsoft office 365 reporting add-on to collect message trace reports, however all the reports are default to UTC time. can we have some configuration in this add-on so that when it is consumed by splunk the timestamp can be converted to local time?

Thanks.

Reply

wstarowicz
Path Finder
‎05-29-2018 06:16 AM

Try to add file props.conf with the following content (in etc/apps/TA-MS_O365_Reporting/local/):
[ms:o365:reporting:messagetrace]
TZ = Zulu

Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...