By definition Epoch time is UTC.
http://www.unixtimestamp.com/index.php
The unix time stamp is a way to track time as a running total of seconds. This count starts at the Unix Epoch on January 1st, 1970 at UTC.
So the only solution is to rewrite your timestamp before splunk reads it.
... View more