Hi everyone!
Recently in my city, we've changed from summer to winter time and, of course, so has the server where Splunk is installed. But, while all my communication devices have changed, Splunk did not. When I search an event, the syslog of my devices is one hour before Splunk's time. Can anybody help me?
Thanks.
First of all, always put the core system (Linux server, for example) to UTC only. In my opinion, everything should run on UTC, or otherwise every single reporting system should at least have a timezone.
When it comes to the UI (front end), you can change user-prefs.conf to customise it to the timezone/language you require.
Have you checked the time zone setting on your Splunk account?
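
Added example, not part of the thread and not Splunk's own code: it shows why the advice above to run on UTC, or at least carry a timezone, matters. A legacy syslog timestamp with no zone lands one hour off when the receiver assumes a different offset than the sender used, while a timestamp with an explicit offset does not. The sample lines, the year 2023 and the UTC+2/UTC+1 offsets are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (assumptions for illustration, not from the thread).
RFC3164_LINE = "<134>Oct 29 09:15:00 fw01 link up"                    # no year, no zone
RFC5424_LINE = "<134>1 2023-10-29T09:15:00+01:00 fw01 - - - link up"  # explicit offset

SUMMER = timezone(timedelta(hours=2))  # assumed summer-time offset
WINTER = timezone(timedelta(hours=1))  # assumed winter-time offset


def parse_rfc3164(line, year, assumed_tz):
    """Legacy format: the receiver has to guess both the year and the zone."""
    m = re.match(r"<\d+>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ", line)
    if not m:
        raise ValueError("not an RFC 3164 style line")
    naive = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=assumed_tz).astimezone(timezone.utc)


def parse_rfc5424(line):
    """Newer format: the offset travels with the event, nothing to guess."""
    m = re.match(r"<\d+>1 (\S+) ", line)
    if not m:
        raise ValueError("not an RFC 5424 style line")
    return datetime.fromisoformat(m.group(1)).astimezone(timezone.utc)


def interpretation_skew(line, year, sender_tz, receiver_tz):
    """How far the receiver's reading is from the time the sender meant."""
    meant = parse_rfc3164(line, year, sender_tz)
    indexed = parse_rfc3164(line, year, receiver_tz)
    return meant - indexed


if __name__ == "__main__":
    # Sender already on winter time, receiver still assuming summer time.
    print("zone-less line, skew:",
          interpretation_skew(RFC3164_LINE, 2023, WINTER, SUMMER))
    print("explicit offset, UTC:", parse_rfc5424(RFC5424_LINE).isoformat())
```
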