Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how do I get Splunk's timezone settings via Python?

awurster
Contributor
‎07-14-2015 04:44 PM

i want to log activity of what a script is doing into an index.

i'm creating current time with a datetime object in python:

now = datetime.datetime.now()
now.strftime("%Y-%m-%d %H:%M:%S %Z")

now i do know strftime has limited support for timezones... but without a timezone the log message might not get parsed correctly AFAIK, and is probably not a Good Thing to leave it off.

how can i access what Splunk thinks the host server's timezone is (independent of individual user settings, etc)? whether it's REST endpoint in Splunk, an SDK variable / function, or some native Python function doesn't matter to me.

0 Karma
Reply

woodcock
Esteemed Legend
‎07-14-2015 08:15 PM

If you have done the right thing and configured a TZ= value in your props.conf for every source (except for some scripted inputs from TA apps), then you can check the date_zone field to see what Splunk thinks is the TZ for each event. If you see local then this means that the TZ of the indexer (or heavy forwarder) was used (which is usually bad/wrong). You are mistaken to think that Splunk "has a TZ" because it doesn't; all Splunk times are stored in GMT-based epoch (TZ=0) so you should never need to do any TZ manipulation if you are dealing with the _time field.

0 Karma
Reply

awurster
Contributor
‎07-14-2015 08:47 PM

thanks but i'm mostly just looking for a pythonic way to access the local system's timezone.

i'm writing logs to ~/var/log/splunk/foo.log which lands in the server's _internal index. it might be redundant to log a TZ, but i still am curious what the answer is.

i should also clarify that i'd like to do it natively as much as possible, without requiring a 3rd party lib like pytz to be bundled with my add-on.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top