Splunk is not showing the correct time on the events. The time that Splunk gives the log is 5 hours behind the time that it is supposed to be. The time is correct on the server and the logs but Splunk is saying it is 5 hours behind. For the below timestamp it is giving it a time of 8:48:06.000 AM when it should be 1:48:06.000PM.
2017-02-22T13:48:06Z
In props.conf I have TIME_FORMAT=%Y-%m-%dT%H:%M:%SZ
I have also tried changing the timezone to TZ = UTC and that did not fix it.
... View more