Re: Time zone conversion.

nareshvanka · ‎01-24-2020

Hello,

please help on below query

i have data that start time and end time in system location but users are in different location . i want these timings based on user location. below sample executed but i want to include day light saving time also

| eval ts1 = strptime(dv_start_date_time, "%Y-%m-%d %H:%M:%S")
| eval ts2 = strptime(dv_end_date_time, "%Y-%m-%d %H:%M:%S")
| eval shift_on_call1 = if(dv_time_zone = "Europe/London", relative_time(ts1,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts1,"+6h"),relative_time(ts1,"+7h")))
| eval shift_on_call2 = if(dv_time_zone = "Europe/London", relative_time(ts2,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts2,"+6h"),relative_time(ts2,"+7h")))

snallam123 · ‎01-24-2020

[your query]
 |eval NewTimeZone = _time + (12 * 60 * 60)
 | convert ctime(NewTimeZone)

Replace 12 by (+ or - time difference in your timezone)

nickhills · ‎01-24-2020

If your data is indexed correctly (with the origin timezone correctly set) you can change each users timezone in the Splunk UI - this will adjust all times displayed to the user in thier local offset.

If my comment helps, please give it a thumbs up!

Time zone conversion.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation