Splunk Enterprise

Why is Splunk assigning the wrong date for my firewall logs when it used to record dates accurately before?

yschiff
New Member

For some reason, Splunk is misreading the data from my firewall logs. The events clearly show the correct date and time, but Splunk is for some reason interpreting the date incorrectly. For example, in my screenshot is an event which shows occurring on 9/29/2015. However, Splunk is recording it as 9/28/2015. I'm not entirely sure when this started happening. Splunk used to record the dates accurately.

Thanks.

alt text

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

it looks like a timezone issue
If your firewall is logging in local time and the timezone is not in the log, then splunk will thinks it is UTC. you can tell splunk which timezone it is by setting TZ= in props.conf (can do it by source for example)

0 Karma

jterry
Splunk Employee
Splunk Employee

any chance of this being a time-zone issue? Perhaps check to see whether the splunk account profile you're using has a different timezone setting than the firewall system.

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...