We have a standardized log format while onboarding log files into splunk. The timestamp should come with server date/time along with UTC offset. I now want to onboard the log files which doesn't have UTC offset in it.
Can I configure my props.conf as TZ=UTC by source to add UTC offset -0400 to the log files in splunk. Will this configuration be static or dynamic? with the daylight saving ending this sunday, will it automatically take as -0500 or is there any other way I can configure. Just don't want to change it twice a year.
Thanks in advance
↧