Re: Time zone conversion.

nareshvanka · ‎01-24-2020

Hello,

please help on below query

i have data that start time and end time in system location but users are in different location . i want these timings based on user location. below sample executed but i want to include day light saving time also

| eval ts1 = strptime(dv_start_date_time, "%Y-%m-%d %H:%M:%S")
| eval ts2 = strptime(dv_end_date_time, "%Y-%m-%d %H:%M:%S")
| eval shift_on_call1 = if(dv_time_zone = "Europe/London", relative_time(ts1,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts1,"+6h"),relative_time(ts1,"+7h")))
| eval shift_on_call2 = if(dv_time_zone = "Europe/London", relative_time(ts2,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts2,"+6h"),relative_time(ts2,"+7h")))

snallam123 · ‎01-24-2020

[your query]
 |eval NewTimeZone = _time + (12 * 60 * 60)
 | convert ctime(NewTimeZone)

Replace 12 by (+ or - time difference in your timezone)

nickhills · ‎01-24-2020

If your data is indexed correctly (with the origin timezone correctly set) you can change each users timezone in the Splunk UI - this will adjust all times displayed to the user in thier local offset.

If my comment helps, please give it a thumbs up!

Time zone conversion.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation