Solved: splunk app for palo Alto , Time Zone issue in the ...

SunilMaharishi · ‎11-15-2018

Hello Team ,

we have strange issue with the logs we receive from palo alto devices , we have app/addon installed and as i see props.conf file has time zone configured as TZ=GMT for these logs and devices who are sending logs are also in GMT only .

Now when i search logs in search head with real time windows it shows correct logs .

But if i select logs for last 4 hours 60 minutes etc . it shows alert where event time is delayed by 8 hours. that is last event it shows is 8 hours earlier.

when i select all time it will show current event from firewall for eg :- if current time is 2PM UTC then event shown is 2PM
and splunk user time it shows is 10 PM PST in the logs listed .

I am not sure what is wrong as sourcetypes are having TZ=GMT configured but still looks like splunk is adding 8 hours in it as my splunk servers are in pst.

SunilMaharishi · ‎01-10-2019

solved the problem

View solution in original post

SunilMaharishi · ‎01-10-2019

solved the problem

GW · ‎06-11-2021

There is a very special, and very warm, place for people who DON'T POST THE SOLUTION! !#@$!@#$%@#$%@$#^

ashajambagi · ‎05-07-2019

What was the solution?

DBattisto · ‎03-05-2019

How did you solve this issue?

splunk app for palo Alto , Time Zone issue in the logs we received

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024