[BUG] The `timezone` parameter doesn't work when Eventgen is run as a Splunk app

[hexecute]

Describe the bug The timezone parameter is ignored when using SA-Eventgen.

To Reproduce Steps to reproduce the behavior:

1. Install and setup SA-Eventgen 6.5.2 (using the eventgen.conf below)
2. Look at the data coming in

Expected behavior The timezone parameter should be respected. The event data coming into Splunk should have a different timestamp than on the original events.

Actual behavior The event data coming into Splunk has the same timestamp of the original events.

Sample files and eventgen.conf file eventgen.conf.txt

Do you run eventgen with SA-eventgen? Yes

If you are using SA-Eventgen with Splunk (please complete the following information):

• Eventgen Version [e.g. 22] 6.5.2
• Splunk Version[e.g. 7.1.3] 8.0.0
• What other apps you have installed in Splunk etc/apps? None

[GordonWang]

I use the uploaded config file and tried to reproduce this issue. But I cannot reproduce it. See the attachment pic

Current China Standard time is about 2019-12-2 19:31. And the timezone config is

timezone = -0100

So, the time diff is about 9 hours early. This is the expected behavior.

And you can see that the "_time" value is exactly the same as the time string in _raw event. This is what replay and timezone behave.

@hexecute Can you give me more detail steps about how to reproduce this issue?

[GordonWang]

@hexecute l close this ticket as can not reproduce. feel free to reopen it if you have more findings.