Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Need guidance with props Time Zone settings
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am forced to set individual TZ for individual hosts in a SeverClass because the hosts' OS time is not standardized.
I have noticed TZ = US/Eastern, TZ = US/Central, and TZ = US/Pacific, all account for Daylight Savings Time automatically.
However, I have servers in the following Time Zones and I am hoping someone can confirm what TZ settings I should use to automatically adjust for DST.
AUS/Eastern <<< using TZ=Australia/Sydney
AWST <<< using TZ=Australia/West
Etc/GMT+12 <<<< cannot find alternate
GB (for UK BST) <<<< using TZ=GB (for UK locations w/ BST)
HKT <<<< cannot find alternate
Hopefully that is correct...
I was given these by the host admin.
Please refer me to doc, as I don't find these TZs in Splunk docs, other than a ref to wikipedia.
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.
AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12 => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST) => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)
Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The Wikipedia page is a fine reference for the time zone database: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>.
AUS/Eastern => TZ=Australia/Sydney
AWST => TZ=Australia/West
Etc/GMT+12 => either TZ=Etc/GMT+12 (no DST) or TZ=Pacific/Auckland (for New Zealand)
GB (for UK BST) => TZ=Europe/London
HKT => TZ=Asia/Hong_Kong (no DST in Hong Kong)
Splunk will convert the forwarder's local time to Unix epoch (UTC) time, and the Splunk user interface will convert _time to the user's preferred time zone wherever the user interface displays the time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Curious, is TZ=GB for UK valid or did I misread something?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GB is a valid alias for Europe/London according to the zone database. TZ=GB should have worked. I personally prefer to use the canonical names, but as long as the name is valid, it should work.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
