Our Sales Engineer said -
-- You’re right, documentation is lacking here. But I’d argue that’s because it’s not something our users can change or need to.
In fact, we use the standard libraries for various programming languages to fetch TZ info (including DST info) from the system time database. We then make the (very useful) transformation of data in our program’s memory to UTC time, which of course helps us stay consistent despite TZ & DST changes.
As long as the OS has a correct time set and has up to date info for the timezone database, Splunk will remain in sync as well. Pretty standard software feature, honestly a lot harder to get wrong than to get right.
Perfect @ragedsparrow