Time zone conversion.

nareshvanka · ‎01-24-2020

Hello,

please help on below query

i have data that start time and end time in system location but users are in different location . i want these timings based on user location. below sample executed but i want to include day light saving time also

| eval ts1 = strptime(dv_start_date_time, "%Y-%m-%d %H:%M:%S")
| eval ts2 = strptime(dv_end_date_time, "%Y-%m-%d %H:%M:%S")
| eval shift_on_call1 = if(dv_time_zone = "Europe/London", relative_time(ts1,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts1,"+6h"),relative_time(ts1,"+7h")))
| eval shift_on_call2 = if(dv_time_zone = "Europe/London", relative_time(ts2,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts2,"+6h"),relative_time(ts2,"+7h")))

snallam123 · ‎01-24-2020

[your query]
 |eval NewTimeZone = _time + (12 * 60 * 60)
 | convert ctime(NewTimeZone)

Replace 12 by (+ or - time difference in your timezone)

nickhills · ‎01-24-2020

If your data is indexed correctly (with the origin timezone correctly set) you can change each users timezone in the Splunk UI - this will adjust all times displayed to the user in thier local offset.

If my comment helps, please give it a thumbs up!

Time zone conversion.

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)