- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Need guidance with props Time Zone settings
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am forced to set individual TZ for individual hosts in a SeverClass because the hosts' OS time is not standardized.
I have noticed TZ = US/Eastern, TZ = US/Central, and TZ = US/Pacific, all account for Daylight Savings Time automatically.
However, I have servers in the following Time Zones and I am hoping someone can confirm what TZ settings I should use to automatically adjust for DST.
AUS/Eastern <<< using TZ=Australia/Sydney
AWST <<< using TZ=Australia/West
Etc/GMT+12 <<<< cannot find alternate
GB (for UK BST) <<<< using TZ=GB (for UK locations w/ BST)
HKT <<<< cannot find alternate
Hopefully that is correct...
I was given these by the host admin.
Please refer me to doc, as I don't find these TZs in Splunk docs, other than a ref to wikipedia.
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.
AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12 => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST) => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)
Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.
AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12 => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST) => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)
Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Curious, is TZ=GB for UK valid or did I misread something?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GB is a valid alias for Europe/London according to the zone database. TZ=GB should have worked. I personally prefer to use the canonical names, but as long as the name is valid, it should work.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
