I am seeing exactly a one-hour time difference in "time" and "event" fields in my search results. The logs are coming in via DB Connect, and initially, I thought that the issue was with the time zones. I tried to change the timezones but that doesn't work.
Can someone please suggest on this?
This answer post might help if you haven't seen it already: https://answers.splunk.com/answers/590013/db-connect-inputs-data-timestamp-is-in-est-but-spl.html
If not, we'll need more details to help you (DB Connect version, DB Connection/Session/Query TZ settings, what you tried exactly, etc...).