Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Change default web UI locale?

gljiva
Path Finder
‎01-03-2011 03:03 PM

Hi, I have seen several questions regarding change of the default en_US locale but none of the solutions work for my case.
I have tried to copy the en_GB locale content and overwrite en_US files /opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/locale/en_US/ but Splunk still shows old en_US timeformat. When i explicitly visit splunk:8000/en-GB/ then all timestamps are in desired format but visiting splunk:8000/en-US/ after overwriting its content it still shows old behavior (even after restart).
The solution I found that works is editing /opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/lib/i18n.py and replacing en-US with en-GB. This way even visiting splunk:8000/en-US/ I will get en-GB timestamps.
Latter approach is not good because upgrading Splunk will overwrite changes, and also changing Splunk code is not desired.
Changing all client browsers to return en-GB for locale is also not an option. Is there a way to achieve desired behavior by defining default locale timeformat in configuration files or some other configuration setup?

Thanks.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

gljiva
Path Finder
‎02-01-2011 02:04 PM

Here is a response from Splunk team:

First create a new application within your splunk instance:

pwd /splunkhome/etc/apps

Make new app directory by:

mkdir time mkdir time/appserver mkdir time/appserver/modules/

pwd /splunkhome/etc/apps/time/appserver/modules/results

Copy this file into the directory:

cp /splunkhome/share/splunk/search_mrsparkle/modules/results/EventsViewer_ def ault_renderer.html .

Then edit EventsViewer_default_renderer.html

Starting on line 72 there is an if statement. Modify line 73 so that the whole if statement looks like this:

    % if i18n.current_lang_url_component()=="en-US":
        ${(event.time.strftime('%d/%m/%Y

%H:%M:%S'))} % else: ${i18n.format_datetime_microseconds(event.time)} % endif

Restart splunk via ./splunk restart

This way, when you upgrade the time format will not be changed back. The only drawback to this is that when upgrading if there are huge changes in the original EventsViewer_default_renderer.html file you might need to perform this change once again.

View solution in original post

Reply
Solved! Jump to solution

bjarnedein
Explorer
‎10-01-2020 04:44 AM

This was how to change the timestamp, what about number formats?
How and where do you change the thousand separator from comma to dot, and vise versa the decimal separator from dot to comma.

See - that would change my (and a whole lot others) world to a new dimension!

0 Karma
Reply
Solved! Jump to solution

Lucas_K
Motivator
‎10-17-2017 06:21 PM

6 years on and there is no update to having this as a standard feature or supported config option.

Latest versions also break the previous work arounds above.

Anyone have this working correctly in 6.6.3+?

0 Karma
Reply
Solved! Jump to solution

BorisGrochalski
Explorer
‎04-08-2020 06:36 AM

See https://answers.splunk.com/answers/463655/change-default-language.html for a workaround of hardcoding your locale in Splunk 7.x and 8.x
Also consider voting for this idea/change request to get this conf option finally implemented into the product:
Per user UI language and date/time settings

0 Karma
Reply
Solved! Jump to solution

tweaktubbie
Communicator
‎12-28-2016 03:14 AM

I wonder if anyone has a workaround (that works after upgrades) or info from Splunk on how this is fixed or not?

A workaround that partly worked for me was editing ../etc/system/local/web.conf and under [settings] add
tools.proxy.base = https:// (full URL}:{portnumber}/en-GB/

Side effect was that clicking the top left Splunk> logo lead to {full URL}:{portnumber}/en-GB//en-GB/ (double slash indeed)
Editing files like this sounds a bit open source; should be some default in the web.conf you can add.
I do not want to force all users into en-GB; if they want to use en-US by specifying it in the URL that's fine. The problem is my browser(s) Chrome and IE11 make splunk believe it's en-US.

Still I wonder why setting your Time Zone in the UI /manager/nn/authentication/users does not affect your default locale settings.

0 Karma
Reply
Solved! Jump to solution
Solution

gljiva
Path Finder
‎02-01-2011 02:04 PM

Here is a response from Splunk team:

First create a new application within your splunk instance:

pwd /splunkhome/etc/apps

Make new app directory by:

mkdir time mkdir time/appserver mkdir time/appserver/modules/

pwd /splunkhome/etc/apps/time/appserver/modules/results

Copy this file into the directory:

cp /splunkhome/share/splunk/search_mrsparkle/modules/results/EventsViewer_ def ault_renderer.html .

Then edit EventsViewer_default_renderer.html

Starting on line 72 there is an if statement. Modify line 73 so that the whole if statement looks like this:

    % if i18n.current_lang_url_component()=="en-US":
        ${(event.time.strftime('%d/%m/%Y

%H:%M:%S'))} % else: ${i18n.format_datetime_microseconds(event.time)} % endif

Restart splunk via ./splunk restart

This way, when you upgrade the time format will not be changed back. The only drawback to this is that when upgrading if there are huge changes in the original EventsViewer_default_renderer.html file you might need to perform this change once again.

Reply
Solved! Jump to solution

nlapier2
Path Finder
‎06-06-2014 07:47 AM

I've been trying to use this fix in version 6.1.1 and it's not working. I followed the instructions exactly and even changed the default one as well. Does anyone have any idea how to make this work in splunk 6.1.1?

Reply
Solved! Jump to solution

ssbarnea
Explorer
‎03-18-2014 03:37 AM

This seems like a bad joke workaround for a missing essential feature. The should should default to ISO-8601 by default anyway, without having to patch it to have standard date-time values.

Reply
Solved! Jump to solution

w531t4
Path Finder
‎01-03-2014 10:39 AM

if anyone is wondering - this still works in 5.0.4. We used the following string.

${(event.time.strftime('%Y-%m-%d %H:%M:%S.%f')[:-3]).replace(' ', '
', 1).replace(' ', ' ')}

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎01-31-2011 09:04 PM

As far as I know the way you did with editing i18n.py is the only way to go for now. I filed a bug about this a few months ago, hopefully the default locale will be configurable in a future release.

Reply
Solved! Jump to solution

rroberts
Splunk Employee
Splunk Employee
‎10-23-2012 11:40 AM

I have found en_GB, en_US, it_IT, ja_JP, ko_KR , zh_CH and zh_TW OOTB in Splunk's locale folder. Anyone have a Spanish or Portuguese package?

0 Karma
Reply
Solved! Jump to solution

dlisicre
Explorer
‎04-11-2016 08:35 AM

RRoberts, did you find Spanish package?

0 Karma
Reply
Solved! Jump to solution

ftk
Motivator
‎01-03-2011 04:26 PM

Have you tried accessing splunk via http://splunk:8000/en-GB/ instead of en-US?

Reply
Solved! Jump to solution

gljiva
Path Finder
‎01-03-2011 11:34 PM

Yes, and that works as mentioned. Problem is I wan't to allow users to use GB type of timestampes even if they use US locale. That's why I tried replacing en_US with en_GB without success.

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...