Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Skipping time conversion

MOHITJOSHI
Engager
‎02-05-2020 01:44 PM

I have events which has EST timestamp already and i don't want splunk to do any time conversion.

whats occurring right now is splunk is transforming this to EST again thinking its UTC time.

raw event time- 02/05/2020 02:08:49.074
splunk timestamp - 2/4/20 9:08:49.074 PM

i am looking to have no transformation applied and keep the raw event time as the timestamp
alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-05-2020 01:48 PM

Add TZ = EST to the appropriate props.conf stanza.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-05-2020 01:48 PM

Add TZ = EST to the appropriate props.conf stanza.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

MOHITJOSHI
Engager
‎02-05-2020 02:32 PM

ah..i figured out...it needed a restart of splunk.

0 Karma
Reply
Solved! Jump to solution

MOHITJOSHI
Engager
‎02-05-2020 01:57 PM

Tried that already but still the same.

[mysourcetype]
TZ = EST

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...