Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is Splunk assigning the wrong date for my firewall logs when it used to record dates accurately before?

yschiff
New Member
‎09-29-2015 02:13 PM

For some reason, Splunk is misreading the data from my firewall logs. The events clearly show the correct date and time, but Splunk is for some reason interpreting the date incorrectly. For example, in my screenshot is an event which shows occurring on 9/29/2015. However, Splunk is recording it as 9/28/2015. I'm not entirely sure when this started happening. Splunk used to record the dates accurately.

Thanks.

alt text

Preview file
44 KB
0 Karma
Reply

maraman_splunk
Splunk Employee
Splunk Employee
‎06-01-2016 02:03 PM

it looks like a timezone issue
If your firewall is logging in local time and the timezone is not in the log, then splunk will thinks it is UTC. you can tell splunk which timezone it is by setting TZ= in props.conf (can do it by source for example)

0 Karma
Reply

jterry
Splunk Employee
Splunk Employee
‎06-01-2016 01:39 PM

any chance of this being a time-zone issue? Perhaps check to see whether the splunk account profile you're using has a different timezone setting than the firewall system.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...