Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Timezones differ for User's position and internal events timestamps

amantjes
New Member
‎06-15-2017 01:55 AM

Hi all,
In our case timestamps within the splunk events are standard GMT

where people working from different timezones, the event time itself and the timestamps within the events differ. Is there a best practise to get those timestamps equal no matter where somebody is working in the world ?
Of course you can set user settings to the standard GMT for having those time equal but we want to have this translated to every timezone a user is in.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-15-2017 02:46 PM

You have to tell Splunk how to convert the timestamp strings inside of each event to GMT, using TZ settings in props.conf and then each user should set his own personal value in <My User Name> -> Account settings -> Time zone. Then each user's personal timezone settings will be used for yesterday, etc.

0 Karma
Reply

DalJeanis
Legend
‎06-15-2017 09:15 AM

Good choice to have the timestamps in GMT. Splunk defaults to that for the event _time, but if you have all your servers set to that as well, you simplify your life immensely.

Honestly, this is a user education issue. If you attempt to mask the real data as if it was always in local time (no matter where it happened, or where it was being viewed) then you are just adding a massive technical problem, confusing everyone on what the actual form of the event is, and simultaneously multiplying your training problems.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...