Splunkers,
I am seeing exactly a one-hour time difference between the "time" and "event" fields in my search results. The logs are coming in via DB Connect, and initially, I thought that the issue was with the time zones. I tried to change the time zones, but that doesn't work.
Can someone please advise on this?
Thanks!
I'm seeing the same issue. Did you ever get this figured out?
This answer post might help if you haven't seen it already: https://answers.splunk.com/answers/590013/db-connect-inputs-data-timestamp-is-in-est-but-spl.html
If not, we'll need more details to help you (DB Connect version, DB Connection/Session/Query TZ settings, what you tried exactly, etc.).