- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Time zone conversion.
nareshvanka
Loves-to-Learn
01-24-2020
02:14 AM
Hello,
please help on below query
i have data that start time and end time in system location but users are in different location . i want these timings based on user location. below sample executed but i want to include day light saving time also
| eval ts1 = strptime(dv_start_date_time, "%Y-%m-%d %H:%M:%S")
| eval ts2 = strptime(dv_end_date_time, "%Y-%m-%d %H:%M:%S")
| eval shift_on_call1 = if(dv_time_zone = "Europe/London", relative_time(ts1,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts1,"+6h"),relative_time(ts1,"+7h")))
| eval shift_on_call2 = if(dv_time_zone = "Europe/London", relative_time(ts2,"+5h"), if(dv_time_zone = "US/Pacific", relative_time(ts2,"+6h"),relative_time(ts2,"+7h")))
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
snallam123
Path Finder
01-24-2020
02:09 PM
[your query]
|eval NewTimeZone = _time + (12 * 60 * 60)
| convert ctime(NewTimeZone)
Replace 12 by (+ or - time difference in your timezone)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
01-24-2020
05:31 AM
If your data is indexed correctly (with the origin timezone correctly set) you can change each users timezone in the Splunk UI - this will adjust all times displayed to the user in thier local offset.
If my comment helps, please give it a thumbs up!
