All Apps and Add-ons

Splunk Add-on for Infoblox: Why is the event time off for indexed logs in Splunk, and how do I adjust this configuration?

New Member

We have our InfoBlox appliance set to use UTC. However, Infoblox logs in Splunk are showing as -0400, but they should be -0500. Where do I adjust this? I'm not seeing anything in props.conf that stands out.

0 Karma


What version of Splunk is running in your environment? Is the forwarder that is picking up the data from infoblox the same timezone as your indexer / search head / user searching?

If all is the same, there are props.conf settings to force a timezone.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!