Example of an event sent to Splunk. When Splunk gets it, it says it happened at 4:49pm EST when it actually happened at 11:49am EST.
2017-02-23T16:49:45.582791 direction="inbound", protocol="ip", ids_type="network", dest="192.000.000.231", ssh_username="user", app="cowrie", transport="tcp", dest_port="22", src="203.00.000.73", src_port="54187", severity="high", vendor_product="Cowrie", sensor="f1abd5b4-f2ed-11e6-a7c2-00155d3f1218", ssh_password="cyprus1", signature="SSH login attempted on cowrie honeypot", ssh_version="SSH-2.0-libssh-0.1", type="cowrie.sessions"