Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Timezone configuration with daylight savings time

StefanW
Path Finder
‎04-12-2021 10:37 PM

Hello,

since daylight savings time is active we have a time offset for our events.

For example, we use das splunk stream addon to ingest netflow data. 

Within the Events, the timestamp is configured "2021-04-13T05:32:31Z". For my understanding with Z for zulu (UTC)

But if i search for events my _time is 07:32:31. two hours later.. Our timezone is Europe/Berlin.

How can i get this fixed? In the sourcetype of stream_netflow is the timestamp configured to auto.

The OS time from the indexer/search head or universal forwarder are correct to CEST and the time is also correct.

 

We have several other sourcestypes where the time offset is around 1 or 2 hours.

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...