Rather than submitting yet another question about timestamp formating, could you please update your answer with the correct format string to successfully parse a timestamp like 2015-10-22T22:41:52.546249+00:00 ? I tried %Y-%m-%dT%H:%M:%S.%6N%:z , but it doesn't seems to be working. The timezone info is probably not being captured as all event times are being translated as if the event timezone (always UTC) was the same as the splunk server (-0500), which, translated to my splunk user timezone (-0200), gives me 2015-10-23T01:41:52.546249-02:00 . Any clue?
... View more