Alerting

Splunk alert/reports

DataOrg
Builder

i have a search head in eastern time and user is configured in Asia time.
so if i configure a report/alert in which time the reports wil be executed. whether user time or search head time.
so if user scheduling a cron on his timezone to run at 6PM.. what time zone the report will run whether search head time or user timezone

0 Karma
1 Solution

renjith_nair
SplunkTrust
SplunkTrust

@premranjithj,

User time zone is just to present you results in your time zone but the searches will be still run on the server time. Please see below post more information!
https://answers.splunk.com/answers/232647/what-timezone-does-my-scheduled-search-run-in.html

Happy Splunking!

View solution in original post

renjith_nair
SplunkTrust
SplunkTrust

@premranjithj,

User time zone is just to present you results in your time zone but the searches will be still run on the server time. Please see below post more information!
https://answers.splunk.com/answers/232647/what-timezone-does-my-scheduled-search-run-in.html

Happy Splunking!

DataOrg
Builder

so if server is Eastern time and user in asia time. if user considering to get last 4 hours data of user time.. what time zone data we will user get?

Eastern standard time data with replaced in user time zone or user time with eastern standard time?

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@premranjithj,
Here is an example :

  • My server is set to Asia time (Singapore)
  • User settings is set to Alaska (US)
  • Time range selected for last 15 minutes at 9:44 PM

Time shown in _time : 7/26/18 5:44:23.356 AM

Time of events : 127.0.0.1 - admin [26/Jul/2018:21:44:23.356 +0800]

Happy Splunking!
0 Karma

thambisetty
SplunkTrust
SplunkTrust

It would be user timezone.
Because, while search displaying the results user time will be considered. In the same way for scheduled alerts also user time will be considered.

————————————
If this helps, give a like below.
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...