Splunk Enterprise

Why is Splunk assigning the wrong date for my firewall logs when it used to record dates accurately before?

yschiff
New Member

For some reason, Splunk is misreading the data from my firewall logs. The events clearly show the correct date and time, but Splunk is for some reason interpreting the date incorrectly. For example, in my screenshot is an event which shows as occurring on 9/29/2015. However, Splunk is recording it as 9/28/2015. I'm not entirely sure when this started happening. Splunk used to record the dates accurately.

Thanks.


0 Karma

maraman_splunk
Splunk Employee

It looks like a timezone issue.
If your firewall is logging in local time and the timezone is not in the log, then Splunk will think it is UTC. You can tell Splunk which timezone it is by setting TZ= in props.conf (you can do it by source, for example).

0 Karma
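The effect described in the answer above can be reproduced offline. This is an added example, not part of the original thread or of Splunk's code: it parses a zone-less timestamp as UTC, renders it for a viewer in local time, and recovers the offset the parser must have assumed. The timestamp layout, the UTC-4 offset and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

FMT = "%m/%d/%Y %H:%M:%S"  # assumed layout of the zone-less firewall timestamp


def _tz(offset_hours):
    """Fixed-offset zone; stands in for a named zone to keep the example offline."""
    return timezone(timedelta(hours=offset_hours))


def render(raw, assumed_offset, viewer_offset):
    """Time a viewer sees when `raw` is parsed at `assumed_offset` hours from UTC."""
    parsed = datetime.strptime(raw, FMT).replace(tzinfo=_tz(assumed_offset))
    return parsed.astimezone(_tz(viewer_offset)).strftime(FMT)


def implied_offset(raw, shown, viewer_offset):
    """UTC offset (hours) the parser must have assumed to turn `raw` into `shown`."""
    raw_dt = datetime.strptime(raw, FMT)
    shown_utc = datetime.strptime(shown, FMT) - timedelta(hours=viewer_offset)
    return (raw_dt - shown_utc).total_seconds() / 3600


def date_shifted(raw, assumed_offset, viewer_offset):
    """True when the displayed calendar date differs from the date in the raw event."""
    return render(raw, assumed_offset, viewer_offset)[:10] != raw[:10]


if __name__ == "__main__":
    LOCAL = -4  # constructed: firewall and viewer are both at UTC-4
    for raw in ("09/29/2015 02:15:00", "09/29/2015 14:15:00"):  # constructed events
        wrong = render(raw, 0, LOCAL)      # timestamp treated as UTC
        fixed = render(raw, LOCAL, LOCAL)  # timestamp read in the firewall's own zone
        print(raw, "->", wrong,
              "| date shifted:", date_shifted(raw, 0, LOCAL),
              "| parser assumed UTC%+.0f" % implied_offset(raw, wrong, LOCAL),
              "| with correct zone:", fixed)
```

Only events logged within the offset's distance of midnight change calendar date; the rest are still skewed by the same number of hours, which matters when correlating firewall events with other sources.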

jterry
Splunk Employee

Any chance of this being a time-zone issue? Perhaps check to see whether the Splunk account profile you're using has a different timezone setting than the firewall system.

0 Karma