We are noticing the exact same behavior as described above, but in our case we are exactly 5 hours behind, which coincides with the difference between our time zone (Eastern Standard) and UTC time.
SolarWinds is forwarding events to Splunk correctly, but the events are from exactly 5 hours ago.
So an alert sent from SolarWinds to Splunk with the following eventTime: EventTime: 2018-12-18T15:39:16.2600000 actually appeared in SolarWinds at 10:39 (and not 15:39).
Has anyone found a way to correct this?
Thanks!