Hi guys,
i'm in GMT+2 timezone and having events from sourcetype=tibco.
Based on the event the timestamp format is different:
2019-09-10 12:48:14.066 [blablabla]
OR
2019 Sep 10 12:48:10:263 GMT +0200 [blablabla]
Actually splunk displays all Events with the first time stamp correctly, events with the second time stamp format are displayed as in future for +2 hours (due to the "GMT +0200").
My question is how to correct this issue. I've tried several things in system/local/props.conf without having success. Does sb have an idea?
Thanks in advance and regards
Mika
↧