All Apps and Add-ons

In logs coming from Splunk DB Connect, why am I seeing a 1-hour time difference in "time" and "event" fields in the search results?

saichandjawari
Explorer

Splunkers,

I am seeing exactly a one-hour time difference in "time" and "event" fields in my search results. The logs are coming in via DB Connect, and initially, I thought that the issue was with the time zones. I tried to change the timezones but that doesn't work.

Can someone please suggest on this?

Thanks!

0 Karma

gn694
Communicator

I'm seeing the same issue.  Did you ever get this figured out?

0 Karma

ccl0utier
Splunk Employee
Splunk Employee

This answer post might help if you haven't seen it already: https://answers.splunk.com/answers/590013/db-connect-inputs-data-timestamp-is-in-est-but-spl.html

If not, we'll need more details to help you (DB Connect version, DB Connection/Session/Query TZ settings, what you tried exactly, etc...).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...