All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to index the message trace report with local timestamp

dwangfeng
Engager
‎05-25-2018 12:03 PM

I can use microsoft office 365 reporting add-on to collect message trace reports, however all the reports are default to UTC time. can we have some configuration in this add-on so that when it is consumed by splunk the timestamp can be converted to local time?

Thanks.

Reply

wstarowicz
Path Finder
‎05-29-2018 06:16 AM

Try to add file props.conf with the following content (in etc/apps/TA-MS_O365_Reporting/local/):
[ms:o365:reporting:messagetrace]
TZ = Zulu

Reply
Get Updates on the Splunk Community!

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...