It sounds like the event date is being set to the index date
What does your props.conf look like for setting the timestamp?
from User warren – Stack Overflow https://stackoverflow.com/questions/66641473/siem-plugin-for-sailpoint-and-splunk-timestamp-discrepancy/66642863#66642863
via IFTTT