Why doesn't the time picker work properly at "appm...

stardust927 · ‎05-10-2018

I downloaded "Application Management v2.0".

This is my query

index=appmgmt sourcetype=access_combined
| timechart count span=5m

And I set earleist time as "1525878000" and latest time as "now".

I expected the graph begins at 2018.05.10 00:00:00, but it doesn't

It came out like this

You can see it starts at 2018.5.09 16:00.

It makes me crazy, why time doesn't the picker work properly?

When I use "static table" format with same query it came out correctly

But when I make it with graph format, it draw wrong timezone..

niketn · ‎05-10-2018

@stardust927, could this be due to your timezone setting as Splunk's logged in user?

http://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureuserswithSplunkWeb

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

stardust927 · ‎05-10-2018

Well...I think timezone setting is correct, because when I use "static table" format with same query timezone came out correct.
But if I use graph format it came out weird... I added picture at my question.

Why doesn't the time picker work properly at "appmgmt data"?

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!