Then I assume that Windows internally keeps the US format of the date notations, and that the "Regional Settings" are applied when data is presented to the user (e.g. Event Viewer).
It's my guess that Splunk pulls the log files in the native format, regardless of the "Regional Settings". Do you really NEED to change it, or is it just that you want to eliminate any possible sources of confusion, by having the date recorded in the same (European) manner across all log files?
Perhaps there is a way around that, of which I am not aware, but tampering with the log files may be unwise, if the logs should need to be presented as evidence in court - even if rearranging the timestamp may seem like a small alteration. Then again, I am not a lawyer, but there is a reason why log centralization tools often boast that "log files are kept in their original format", "tamper-proof storage" etc etc.
Sorry that my previous answer was wrong.
Kristian