Re: Change all user timezone

BrianLam · ‎06-17-2025

Hi,

I would like to ask to how change all user timezone to Pacific time. I did some research and see people recommend to config this file - SPLUNK_HOME/etc/apps/user-prefs/local/user-prefs.conf. But from what I know, or at learst how my Splunk was set up. It's a Saas, they provided me a link to my domain and I start using it. I'm not quite sure where exactly is the mentioned file.

Thanks,

Brian

PickleRick · ‎06-18-2025

What do you mean by "Saas" here? It's either a Splunk Enterprise instance (either administered by you or a third party) or a Splunk Cloud service subscription.

isoutamo · ‎06-17-2025

What you are meaning with “change tz for all users”? If they are sitting in PT time zone and they are using “use system TZ settings” then it is already in PT time zone if their workstations/ laptops are correctly configured.

If you want to change that also for people which are not sitting in PT zone, then I ask why?

In internally splunk is storing all times as UTC. Then it shows times by users time zone or what they have set in their account preferences.

BrianLam · ‎06-17-2025

I created roles using SAML config then assign the role to user when they are created. I looked into all users and they don't have a default time zone set to their account. Yes they can set it through preference and I also can manually change it in Setting for all of the users but it's tedious to do one by one. I want to config it so that all the old and future users would have PT time zone automatically.

isoutamo · ‎06-17-2025

If they haven’t set any time zone then it’s their workstation’s time zone. Is this tz wrong or what is the issue? I’m afraid that you are trying to solve an issue which doesn’t exists!

BrianLam · ‎06-17-2025

yes, the time zone is wrong, I check with a user, they're located in PT time zone but their default time zone is UTC.

isoutamo · ‎06-17-2025

The Splunk’s TZ has set to UTC on browser and workstation has correct PT TZ? What SSO/idp you are using?

eddieddieddie

I also get this same problem with our new Splunk Cloud instance. All users default to what looks like UTC timezone, in the preferences for each user the time zone shows as "-- Default System Timezone --" (or if I look at the user, as an admin from the 'users' screen it shows as unset). This impacts both locally created user accounts and for accounts from SAML authentication.

Is there a way to set a default timezone for at least new SAML users? As all users will be in New Zealand so having a default the timezone as UTC is just confusing.

bowesmana

I don't believe you can set the default for SAML users. I went through this recently with a bunch of South Australian users and it caused no end of problems for the non technical users as time by default was UTC.

It ended up being an education / onboarding to Splunk process for those users.

Change all user timezone

other

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation