Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to edit props or transforms to keep the UTC time but convert it to local CST time?

Log_wrangler
Builder
‎07-20-2018 11:11 AM

I have some logs rolling into splunk (via HF) in UTC time, and it is throwing off users' searching with CST (local time).

Is there a way to edit props or transforms to keep the UTC time but convert it to local CST time?

Or is that not an option?

Thank you

0 Karma
Reply
1 Solution
Solved! Jump to solution

sudosplunk
Motivator
‎07-20-2018 11:58 AM

Hi Log_wrangler,

Yes, you can achieve this by using props.conf. Be sure to push this to both UF and HF. 

[source::your_source]
TZ = US/Central
0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...