I'm trying to use the date_hour and date_minute fields (which reads perfectly the hours and minutes of my events from the corresponding source).
The problem is that when I perform a search, the results shows:
12:00:00.000 AM event_x * date_hour=1 date_minute=0
11:55:00.000 PM event_y * date_hour=0 date_minute=55
And the time that Splunk uses for charting is the shown on the first column (which is wrong) instead of the hour and minute shown on the date_hour and date_minute fields (which are right).
How can I tell Splunk to use the correct time (date_hour and date_minute)?
Thanx in advance.