<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Why is timestamp different in Splunk compared to the logs and can I view the timezone setting in Splunk Web? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126330#M25995</link>
    <description>&lt;P&gt;You can see and edit the time zone used to display data for your user by clicking your user name in the top bar of the Splunk UI.&lt;/P&gt;</description>
    <pubDate>Thu, 05 Feb 2015 00:28:23 GMT</pubDate>
    <dc:creator>martin_mueller</dc:creator>
    <dc:date>2015-02-05T00:28:23Z</dc:date>
    <item>
      <title>Why is timestamp different in Splunk compared to the logs and can I view the timezone setting in Splunk Web?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126329#M25994</link>
      <description>&lt;P&gt;I have a question,&lt;/P&gt;

&lt;P&gt;Can I view time zone setting in the Splunk web? I need to check what time zone been set in Splunk.&lt;/P&gt;

&lt;P&gt;Example log taken from Splunk&lt;BR /&gt;
&lt;STRONG&gt;Jan 27 08:53:39&lt;/STRONG&gt; xx.xx.xxx.xxx &lt;EM&gt;Jan 27 16:51:35&lt;/EM&gt; [&lt;EM&gt;2015-01-27 16:51:35.984&lt;/EM&gt; &lt;/P&gt;

&lt;P&gt;If you refer to example above, highlighted Italic is refer to ESX Server. ESX setting UTC Time Zone. &lt;/P&gt;

&lt;P&gt;To more detail and make easier reader understand.&lt;BR /&gt;
 1. When I click the Splunk App and it appear Internet Explorer (Splunk &amp;gt; Home)&lt;BR /&gt;
 2. Then I click search&lt;BR /&gt;
 3. Then I click Data Summary and appear dialog box to me to choose which ESX. This is more interesting part because column Last Update in my Time Zone&lt;BR /&gt;
 4. After clicking one host then it appear the log report (like example)&lt;/P&gt;

&lt;P&gt;Additional Infomation&lt;BR /&gt;
Splunk install in Windows Server 2008 and time zone in Desktop is local time(+8). I said Splunk installation on this server due to I can see Splunk web services in this server. Lastly I check file "props.conf" not found any TZ.&lt;/P&gt;

&lt;P&gt;Hope someone can help me regarding this. &lt;/P&gt;

&lt;P&gt;Thanks,&lt;/P&gt;</description>
      <pubDate>Wed, 04 Feb 2015 03:06:46 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126329#M25994</guid>
      <dc:creator>rais317</dc:creator>
      <dc:date>2015-02-04T03:06:46Z</dc:date>
    </item>
    <item>
      <title>Re: Why is timestamp different in Splunk compared to the logs and can I view the timezone setting in Splunk Web?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126330#M25995</link>
      <description>&lt;P&gt;You can see and edit the time zone used to display data for your user by clicking your user name in the top bar of the Splunk UI.&lt;/P&gt;</description>
      <pubDate>Thu, 05 Feb 2015 00:28:23 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126330#M25995</guid>
      <dc:creator>martin_mueller</dc:creator>
      <dc:date>2015-02-05T00:28:23Z</dc:date>
    </item>
    <item>
      <title>Re: Why is timestamp different in Splunk compared to the logs and can I view the timezone setting in Splunk Web?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126331#M25996</link>
      <description>&lt;P&gt;Martin already answered to this question.&lt;/P&gt;

&lt;P&gt;Additional Info.&lt;/P&gt;

&lt;P&gt;"Why is timestamp different in Splunk compared to the logs?"&lt;BR /&gt;
1. At index time, Splunk parse and set  time stamp in epoch time. &lt;BR /&gt;
2. At search time, Splunk search events with epoch time based on User's timezone so that user can see when the event happened based on user's time. &lt;/P&gt;

&lt;P&gt;&lt;A href="http://docs.splunk.com/Documentation/Splunk/6.2.1/data/Applytimezoneoffsetstotimestamps"&gt;http://docs.splunk.com/Documentation/Splunk/6.2.1/data/Applytimezoneoffsetstotimestamps&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 07 Feb 2015 01:20:04 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Why-is-timestamp-different-in-Splunk-compared-to-the-logs-and/m-p/126331#M25996</guid>
      <dc:creator>Masa</dc:creator>
      <dc:date>2015-02-07T01:20:04Z</dc:date>
    </item>
  </channel>
</rss>

