Getting Data In

Change the time stamp in the log data by adding 2+ Hours

datamine
Loves-to-Learn Lots

hi All,IN the AWS inputs logs we are getting timestamps behind 2 hours and we need to adjust it to UTC + 02:00 . I have applied it in  in the props.conf on the HF where the aws input is configured as below[source::s3:/cloudfx-s3/*]
TZ = UTC+02:00But it didnt worked , Can someone please let me know if its the right way to adjust the Timestamp in the logs ?

020-09-22  12:14:43    FCO50-C1    2253    5.171.196.19    GET d1q57ainn85gvl.TA_jvmjam.net    /fe-api/v1/notifications    200 https://m.lego.it/scommesse-live    Mozilla/5.0%20(Linux;%20Android%2010;%20Mi%209T%20Pro)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/85.0.4183.81%20Mobile%20Safari/537.36    =1600770582725  -   Miss    QumS5aHxkycZd-vjOLlapECGcIYloeTTUq4KursjmmdpHWotnCLDQ== m.lego.it   https   2147    0.110   -   TLSv1.3 TLS_AES_128_GCM_SHA256  Miss    HTTP/2.0    -   -   32299   0.110   Miss    application/json;%20charset=utf-8   1895    -   -
    
2020-09-22  12:14:43    IAD66-C1    23128   157.55.39.108   GET d1q57ainn85gvl.TA_jvmjam.net    /slot-machine/wild-rails/   200 -   Mozilla/5.0%20(compatible;%20bingbot/2.0;%20+http://www.bing.com/bingbot.htm)   -   -   Miss    jG0oTG9mljNfR0k-NQ5R6u_EWH0v0cggDlPDLfzmOgPEMMJrDHCtiQ==    www.lego.it https   296 0.594   -   TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 Miss    HTTP/1.1    -   -   13054   0.468   Miss    text/html;%20charset=utf-8  22053   - 

Here it is 12:14:43 but we need it as +2H as 14:14:43

 

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The TZ setting specifies the time zone of the event, not the desired time zone.  Set TZ=UTC so Splunk knows when the event occurred.  At search time, it will convert the timestamp to your selected time zone.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...