×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mrteen2010
Loves-to-Learn
Member since: ‎04-27-2021
‎04-30-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-27-2021
Activity Feed
View All

Re: Splunk index event with incorrect timezone

by in Getting Data In
‎04-28-2021 12:24 AM
‎04-28-2021 12:24 AM
Hi,  It isn't possible simply make splunk to take the original event time from log file without TZ converting?? Thanks for your answer! ... View more

Splunk index event with incorrect timezone

by in Getting Data In
‎04-27-2021 02:16 AM
‎04-27-2021 02:16 AM
I have the following props configuration:   [log_files] SHOULD_LINEMERGE = false NO_BINARY_CHECK = true TRUNCATE = 0 KV_MODE = true pulldown_type = true TRANSFORMS_FIELDS = data,time TIME_FORMAT = %Y-%m-%d %H:%M:%S   My log files contains IIS logs as follow:   2020-01-22 12:00:37 ::1 GET /test - 80 ::1 Mozilla/5.0+(Windows+NT+6.1;+Win64; x64;+rv:47.0)+Gecko/20100101+Firefox/47.0 - 200 2 5 100   Splunk indexing this file with incorrect time, I got event with time 15:00:07 instead 12:00:37 (and I see another field date_zone=-180), How can I make splunk index event with original the time from the logs file? NOTE: I don't know the logs timezone . ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-30-2021 04:06 AM