
June 13th, 2023 03:00

SIEM plugin for SailPoint and Splunk timestamp discrepancy

I have a question about how events arrive inside of a tool such as Splunk.

Currently, it appears that the way the plugin works is that it sends the records over to the log collection application in question, placing the timestamp of the event in epoch time (located in the attributes of the event).

However, it would appear that within Splunk, it is marking the event time at which point it entered into Splunk.

So, for example, I have an event that happened two years ago; the timestamp on the event shows that, and SailPoint shows that (even Splunk will show that if you drill into the event).

However, when I import into Splunk, let's say today (March 15, 2021), Splunk will show the event timestamp of today instead of when the actual event took place.

So when I am doing analytics, I can't actually look for when the event took place based on Splunk's timestamps (because Splunk is showing the day of import, not when the event took place): it won't actually be showing me events that took place two years ago.
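The mismatch described in the post, as an added example that is not part of the original post or of the SailPoint plugin: a small Python check over constructed events that recovers each event's own epoch timestamp (seconds or milliseconds, numeric or string) and flags records whose ingest time would misplace them in a time-range search. The `_time` and `attributes.created` field names are assumptions, not the plugin's real schema.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample events (not real SailPoint output). "_time" models the
# time Splunk stamped the event on ingest (2021-03-15 UTC); "attributes.created"
# is a placeholder name for the epoch value the plugin carries in the event.
SAMPLE_EVENTS = [
    '{"_time": 1615766400, "action": "modify", "attributes": {"created": 1552608000}}',
    '{"_time": 1615766400, "action": "create", "attributes": {"created": 1615720000000}}',
    '{"_time": 1615766400, "action": "delete", "attributes": {"created": "1615766340"}}',
    '{"_time": 1615766400, "action": "login",  "attributes": {}}',
]

def epoch_to_datetime(value):
    """Normalise an epoch attribute to an aware UTC datetime, or None if unusable.

    Accepts seconds or milliseconds (13-digit values are treated as ms, a common
    cause of absurd far-future timestamps) and tolerates string-typed values.
    """
    try:
        num = int(value)
    except (TypeError, ValueError):
        return None
    if num > 10**11:          # past year 5138 if seconds -> assume milliseconds
        num = num / 1000.0
    return datetime.fromtimestamp(num, tz=timezone.utc)

def analyse(raw_events, epoch_field="created", max_skew=timedelta(days=1)):
    """Compare ingest time with each event's own timestamp.

    Marks events whose ingest time differs from the real event time by more than
    max_skew: exactly the records an ingest-time search window would misplace.
    """
    results = []
    for line in raw_events:
        ev = json.loads(line)
        ingest = datetime.fromtimestamp(ev["_time"], tz=timezone.utc)
        event_time = epoch_to_datetime(ev.get("attributes", {}).get(epoch_field))
        skew = (ingest - event_time) if event_time else None
        results.append({
            "action": ev.get("action"),
            "ingest_time": ingest,
            "event_time": event_time,
            "misplaced": skew is not None and abs(skew) > max_skew,
            "missing_timestamp": event_time is None,
        })
    return results

if __name__ == "__main__":
    for r in analyse(SAMPLE_EVENTS):
        print(r)
```

Inside Splunk itself the same correction is normally made at index time with a props.conf stanza for the sourcetype (TIME_PREFIX pointing at the epoch attribute and TIME_FORMAT = %s), which is a standard Splunk setting rather than anything specific to this plugin.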

