Solved: Re: REST API Modular Input: Why is the timestamp o...

CSummersDOT · ‎01-14-2015

Just installed the REST API Modular Input and love it so far, but I'm having 1 major issue. The timestamp on all of my events from this module are 1 hour ahead of my current time. Anything I can do to fix this? It's breaking the relative search in my dashboard.

CSummersDOT · ‎01-16-2015

Found it. Pretty stupid of me, I didn't realize the json from the web api ad a datetime in it and it's 1 hour off.

View solution in original post

CSummersDOT · ‎01-16-2015

Found it. Pretty stupid of me, I didn't realize the json from the web api ad a datetime in it and it's 1 hour off.

knutsod · ‎01-16-2015

You can tell splunk to use its own time for _time and not try and look it up in the event, but I would recommend just fixing the source if you can for accuracy.

knutsod · ‎01-15-2015

Are you referring to the _time field?

CSummersDOT · ‎01-15-2015

Yes, _time. My other inputs are showing correct time but the REST and Command apps aren't. Couldn't find any reference to a TZ change in any prop.confs. No idea where to look now. Even read through the python script and all it does is return the json strong.

REST API Modular Input: Why is the timestamp on all my events 1 hour off and how do I fix this?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

REST API Modular Input: Why is the timestamp on all my events 1 hour off and how do I fix this?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits