We have added tickets from our ticketing system into Splunk. However, I had to add "DATETIME_CONFIG = NONE" because it was reading them in the future and erroring. How can I update that sourcetype to read that field as event creation time while converting that GMT to local time?
Forums: SplunkGeneral: Converting incoming GMT on events