I set up in Splunk 4.3 a file directory data input to index our log files which are generated in multiple timezones but stored in a single shared directory on a network drive. The file timestamps...
...hey get indexed like that,
now the time on the Splunk machine is 10:37 and the last log shows 2 timezones,
I don't have source in props.conf
because I don't use files to import the logs
all I have is syslog pipe a...