Hello,
I am having a hard time understanding timezone assignment to the log event. I went through all the required docs but still don't have a proper understanding.
My log timestamp looks like below, having timezone information as UTC.
**2017-10-13 03:08:19.185+0000: starting up**
The Search Head/Indexer time zone is AEDT (Australia/Sydney). I want to ingest the data so that users can search it based on the AEDT timezone only, without changing the timezone from the web interface.
I have done the below config in props.conf:
TIME_FORMAT=%Y-%m-%d %H:%M:%S.%3N%z%
TZ = UTC
Here's how the logs look in Splunk. Is this correct? So if a user is searching the data, will he see the correct result based on the time range selected, and will the result be UTC logs converted to the AEDT time zone?
Please help.
![alt text][1]
[1]: /storage/temp/219593-screenshot.png