Solved: How to configure alert based on other timezones?

ankithreddy777 · ‎07-18-2018

Hi,
I have data coming in with event timestamps configured in CST time zone.

But I have one requirement to schedule alert based on London time every day. Basically, the difference between London and CST times are 5 or 6 hours based on time of the year. so, I cannot give constant Cron-Schedule for scheduling the alert by converting London time to CST time.
May I know if there is an approach to handle this scenario?

woodcock · ‎07-18-2018

Create a local Splunk user called TZ_London, login as that user and set his Time zone so that Splunk knows how to interpret Timepicker values like Today and Yesterday, etc. by clicking TZ_London -> Settings -> Time zone. Then clone the report so that TZ_London owns it and it runs as him with his Time zone setting. This way Splunk handles Daylight Savings and everything else.

View solution in original post

woodcock · ‎07-18-2018

Create a local Splunk user called TZ_London, login as that user and set his Time zone so that Splunk knows how to interpret Timepicker values like Today and Yesterday, etc. by clicking TZ_London -> Settings -> Time zone. Then clone the report so that TZ_London owns it and it runs as him with his Time zone setting. This way Splunk handles Daylight Savings and everything else.

How to configure alert based on other timezones?

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?