Hi,
I am using the timezone converting attribute " _tzhint" to convert EDT to UTC . This attribute was able to convert events timestamp to UTC but it is only converting only very few events, but not all. Below is the how configuration looks. when I use "TZ=UTC" splunk is not converting to UTC timezone , it is still using system time that is the reason I used _tzhint
[monitor:///web/appache.log]
disabled = false
followTail = 0
_tzhint=UTC
index = apache_web
sourcetype=web_logs
↧