Merge pull request #319 from splunk/update/guess-timezone

Add guess-timezone() to sources with epoch timestamps
CSVD · Feb 11, 2020 · 3d8d39b · 3d8d39b
2 parents 2f3d8cf + 4bd769c
commit 3d8d39b
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/package/etc/conf.d/filters/cisco/meraki.conf b/package/etc/conf.d/filters/cisco/meraki.conf
@@ -15,7 +15,9 @@ parser p_cisco_meraki {
         };
         parser {
             date-parser(format('%s')
-                        template("${EPOCH}"));
+                        template("${EPOCH}")
+                        flags(guess-timezone)
+            );
         };
     };
 

diff --git a/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl b/package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl
@@ -16,11 +16,15 @@ parser p_cef_header {
 };
 
 parser p_cef_ts_rt {
-    date-parser(format("%s") template("${.cef.rt}")
+    date-parser(format('%s')
+                template("${.cef.rt}")
+                flags(guess-timezone)
     );
 };
 parser p_cef_ts_end {
-    date-parser(format("%s") template("${.cef.end}")
+    date-parser(format('%s')
+                template("${.cef.end}")
+                flags(guess-timezone)    
     );
 };