Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Time zone config not working as expected

DavidCaputo
Path Finder
‎07-05-2023 06:07 AM

Hello,
I'm trying to configure an ingestion of logs that are in UTC time.
We are in Geneva and timezone is Europe/Zurich (=UTC+2), so, logs are displayed with the wrong date.

For example, log ingested at 14:52 today is displayed in Splunk like this :

 

 

2023-07-05 12:52:40 ..

 

 

These logs are coming from a simple UF (Windows, UF version is 8.2.4). My Splunk environment is Linux (RedHat 8 / Splunk version is 9.0.4)

As documented, I tried to add in a props.conf something like this :

 

 

[source::D:\path\to\file.log]
TZ = Europe/Zurich

 

 

First I added it in the UF configuration. No effect.
Then I tried to put it on indexers. No effect.

I also tried to use the sourcetype name ([my_sourcetype] ) instead of the source path or replace the Europe\Zurich value with "TZ = UTC+2"... it didn't work any better.

Help would be appreciated !
Thanks
David

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...