Hello, I am using "Splunk_TA_juniper" and I noticed a new problem with timestamp: there is a one hour offset for the timestamp compared to the time in the event. For instance, when I have an event whose _raw value starts with "Oct 28 15:12:37 fw-01-gra RT_FLOW: ...", the timestamps is "2021-10-28T16:12:37.000+02:00" (16h instead of 15h). In addition, the event will only appear after an hour after its received by the indexer, in fact when the timestamp value is less than the current time. This behaviour is new. When I examine events for september (for instance), the timestamp matches the time in the event. I tried to restart Splunk and the forwarder, nothing was changed. I haven't modify the configuration files for a long time, and I don't know what to do. Do you have an idea of what is going on or a possible solution? Regards Denis
... View more