I need to change the timezone for a host sending logs to our production instance.
I have set up a free test instance of Splunk to try this out before making any changes and have been unsuccessful.
I am sending syslog via port 514 and monitoring the var/log/auth.log file on this test instance.
Can anyone offer me guidance on what I am doing wrong?
My changes to props.conf are below.
/opt/splunk/etc/system/local/props.conf
[host::127.0.0.1]
TZ = Americas/Los_Angeles
[host::cb-mint]
TZ = Americas/Los_Angeles