All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Issues with applying TZ property for AWS CloudWatch log group inputs

sanjeev543
Communicator
‎05-17-2020 12:22 AM

Hi All,

I am using the Splunk Add-On for AWS to fetch the CloudWatch log group events, add-on is installed on HF and all the logs are getting TZ property from System TZ property of HF(EDT). Now I wanted to change the TZ for couple of CloudWatch log groups to UTC.
Hence, I tried configuring the props.conf in the Splunk_TA_AWS/local with following settings

[cloudwatch:lamba:groups]
TZ = UTC

But I don't see logs are getting this property getting applied for this sourcetype logs
Is there some other way, we need to config TZ property for AWS logs.

0 Karma
Reply

to4kawa
Ultra Champion
‎05-17-2020 01:27 AM

The time zone issue is basically changed to EPOCH time, so I think it's a user preference issue.

The question is.

When searching the log with the user preference UTC, but _time is not UTC.

Is it this?

0 Karma
Reply

sanjeev543
Communicator
‎05-17-2020 02:38 AM

Yes, even when the user has UTC, it's still showing the _time as EDT i.e time in event and _time are not matching

0 Karma
Reply

to4kawa
Ultra Champion
‎05-17-2020 02:54 AM

If there is not timezone strings(e.g. EDT, JST), TZ is works.

Can you use TZ_ALIAS = on props.conf ?

and props.conf is required not only for HF but also for indexer.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...