Alerting

Splunk alert/reports

DataOrg
Builder

i have a search head in eastern time and user is configured in Asia time.
so if i configure a report/alert in which time the reports wil be executed. whether user time or search head time.
so if user scheduling a cron on his timezone to run at 6PM.. what time zone the report will run whether search head time or user timezone

0 Karma
1 Solution

renjith_nair
Legend

@premranjithj,

User time zone is just to present you results in your time zone but the searches will be still run on the server time. Please see below post more information!
https://answers.splunk.com/answers/232647/what-timezone-does-my-scheduled-search-run-in.html

Happy Splunking!

View solution in original post

renjith_nair
Legend

@premranjithj,

User time zone is just to present you results in your time zone but the searches will be still run on the server time. Please see below post more information!
https://answers.splunk.com/answers/232647/what-timezone-does-my-scheduled-search-run-in.html

Happy Splunking!

DataOrg
Builder

so if server is Eastern time and user in asia time. if user considering to get last 4 hours data of user time.. what time zone data we will user get?

Eastern standard time data with replaced in user time zone or user time with eastern standard time?

0 Karma

renjith_nair
Legend

@premranjithj,
Here is an example :

  • My server is set to Asia time (Singapore)
  • User settings is set to Alaska (US)
  • Time range selected for last 15 minutes at 9:44 PM

Time shown in _time : 7/26/18 5:44:23.356 AM

Time of events : 127.0.0.1 - admin [26/Jul/2018:21:44:23.356 +0800]

Happy Splunking!
0 Karma

thambisetty
SplunkTrust
SplunkTrust

It would be user timezone.
Because, while search displaying the results user time will be considered. In the same way for scheduled alerts also user time will be considered.

————————————
If this helps, give a like below.
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...