Customers integrating Change Auditor with Splunk (SIEM) would like to align Korean Standard Time (KST) with UTC timestamps when forwarding events to Splunk.
They want to know whether Change Auditor provides a configuration to adjust time zones, or if additional settings are required during integration.
Change Auditor stores all audited events in its database using UTC timestamps.
When events are forwarded to external systems such as Splunk, the same UTC timestamp is sent without time-zone conversion.
Change Auditor does not perform time-zone localization during event storage or forwarding.
No Change Auditor–side configuration is required to adjust or convert event timestamps.
Change Auditor always stores and forwards events in UTC.
Any time-zone conversion or localization (for example, displaying events in KST) must be configured on the Splunk side.
End users can leverage Splunk’s existing time-zone handling and display settings to convert UTC timestamps to their local time zone during searches and reporting.
This behavior is expected and by design.
