All Apps and Add-ons

In logs coming from Splunk DB Connect, why am I seeing a 1-hour time difference in "time" and "event" fields in the search results?

saichandjawari
Explorer

Splunkers,

I am seeing exactly a one-hour time difference in "time" and "event" fields in my search results. The logs are coming in via DB Connect, and initially, I thought that the issue was with the time zones. I tried to change the timezones but that doesn't work.

Can someone please suggest on this?

Thanks!

0 Karma

gn694
Communicator

I'm seeing the same issue.  Did you ever get this figured out?

0 Karma

ccl0utier
Splunk Employee
Splunk Employee

This answer post might help if you haven't seen it already: https://answers.splunk.com/answers/590013/db-connect-inputs-data-timestamp-is-in-est-but-spl.html

If not, we'll need more details to help you (DB Connect version, DB Connection/Session/Query TZ settings, what you tried exactly, etc...).

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...