Try this: ```Gets the original timestamp. In this case it's when the latest data was ingested into Splunk. The friendly time will be in YOUR LOCAL time zone set in Splunk preferences.``` index=something sourcetype=something | stats latest(_time) as LATEST_DATA_PULL_TIME | eval LATEST_DATA_PULL_TIME_friendly_local=strftime(LATEST_DATA_PULL_TIME, "%m/%d/%Y %I:%M:%S %P") ```Sets the TARGET time zone.``` | eval to_tz="US/Eastern" ```Converts timestamp to friendly showing YOUR LOCAL time zone, then replaces YOUR LOCAL time zone with the TARGET time zone, then converts the time back into epoch. This creates a new epoch timestamp which is shifted by the difference between YOUR LOCAL time zone and the TARGET time zone.``` | eval LATEST_DATA_PULL_TIME_tz_replaced=strptime(mvindex(split(strftime(LATEST_DATA_PULL_TIME, "%c|%Z"), "|"), 0)+"|"+to_tz, "%c|%Z") ```Calculates the difference between the original timestamp and the shifted timestamp, essentially returning the difference between YOUR LOCAL time zone and the TARGET time zone, in seconds.``` | eval time_diff=LATEST_DATA_PULL_TIME-LATEST_DATA_PULL_TIME_tz_replaced ```Increses the original timestamp by the difference calculated in the previous step, and then converts it to friendly time.``` | eval LATEST_DATA_PULL_TIME_tz_corrected_friendly=strftime(LATEST_DATA_PULL_TIME+time_diff, "%m/%d/%Y %I:%M:%S %P") ... View more