Getting Data In

Need guidance with props Time Zone settings

Glasses2
Communicator

Hi,

I am forced to set individual TZ for individual hosts in a SeverClass because the hosts' OS time is not standardized.

I have noticed TZ = US/Eastern, TZ = US/Central, and TZ = US/Pacific, all account for Daylight Savings Time automatically.

However, I have servers in the following Time Zones and I am hoping someone can confirm what TZ settings I should use to automatically adjust for DST.


AUS/Eastern <<< using TZ=Australia/Sydney
AWST <<< using TZ=Australia/West
Etc/GMT+12  <<<< cannot find alternate
GB (for UK BST)  <<<< using TZ=GB (for UK locations w/ BST)
HKT <<<< cannot find alternate

Hopefully that is correct...

I was given these by the host admin.

 Please refer me to doc, as I don't find these TZs in Splunk docs, other than a ref to wikipedia.

 

Thank you

Labels (2)
Tags (1)
0 Karma
1 Solution

tscroggins
Influencer

Hi,

The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.

AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12  => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST)  => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)

Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.

View solution in original post

0 Karma

tscroggins
Influencer

Hi,

The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.

AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12  => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST)  => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)

Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.

0 Karma

Glasses2
Communicator

Curious, is TZ=GB for UK valid or did I misread something?

0 Karma

tscroggins
Influencer

GB is a valid alias for Europe/London according to the zone database. TZ=GB should have worked. I personally prefer to use the canonical names, but as long as the name is valid, it should work.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...