Running the Splunk Add-on for Netflow on a Linux server so it can translate the data and forward it to our main Splunk instance running on Windows. The Netflow data on the Linux box looks something like this for date and time:
1969-12-31 19:00:00,1969-12-31 19:00:00,0.000
This then gets sent over to our indexer (Windows box) and it stamps it with the right date, but the time it stamps it with is 7PM. What can I adjust in the Netflow add-on or on the indexer to get it to stamp it with the correct times?
↧