Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Timezones differ for User's position and internal events timestamps

amantjes
New Member
‎06-15-2017 01:55 AM

Hi all,
In our case timestamps within the splunk events are standard GMT

where people working from different timezones, the event time itself and the timestamps within the events differ. Is there a best practise to get those timestamps equal no matter where somebody is working in the world ?
Of course you can set user settings to the standard GMT for having those time equal but we want to have this translated to every timezone a user is in.

Tags (1)
0 Karma
Reply

woodcock
Esteemed Legend
‎06-15-2017 02:46 PM

You have to tell Splunk how to convert the timestamp strings inside of each event to GMT, using TZ settings in props.conf and then each user should set his own personal value in <My User Name> -> Account settings -> Time zone. Then each user's personal timezone settings will be used for yesterday, etc.

0 Karma
Reply

DalJeanis
Legend
‎06-15-2017 09:15 AM

Good choice to have the timestamps in GMT. Splunk defaults to that for the event _time, but if you have all your servers set to that as well, you simplify your life immensely.

Honestly, this is a user education issue. If you attempt to mask the real data as if it was always in local time (no matter where it happened, or where it was being viewed) then you are just adding a massive technical problem, confusing everyone on what the actual form of the event is, and simultaneously multiplying your training problems.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...