There are several questions about timezone configuration.
I know that splunk use the timezone information in raw event data first. But what kinds of timezone string can be used. In my test, CET, EDT, PST, GMT and GMT+0700 can be recognized, but Asia/Yerevan and Europe/Berlin can not be.
How to set splunk's global timezone to a value that different from system's. For example, the timezone of server is GMT, then how to set splunk's global timezone to GMT+0100.
If Splunk use system's timezone to get its time information, will it change correspondingly if the system's timezone is changed.
How to display timezone information in the time column of the EventsViewer module in flashtimeline?
How to specified timezone information when search in splunk web? We have a old syslog log analysis application which used to deal with log files in USA. Now we want to move all log datas to a splunk installed in a server in Deutschland. We specified timezone information in props.conf, so the times are changed to Deutsch time. But it is inconvenient for the users to change times by timezone when search in the splunk web (They should change the time string to Deutsch time before a search rather than search directly).
Whatever zoneinfo names are on your system are valid, provided your time format captures them. On Windows, Splunk ships with a copy of the zoneinfo database.
What do you mean by "Splunk global timezone" specifically? You can of course change the zone/locale for the Splunk user if you want it to run as if it were in another time zone.
Yes.
date_zone field contains the time zone offset from GMT, in minutes.
There is currently no way to have Splunk Web display time zones in anything other than the Splunk server time. However, you could set up a Splunk search head in a different time zone and search back to an indexer in a different time zone. This will display all times in the search head time zone.
