Where can I find a list of all possible and valid TZ options for props.conf?
TZ
props.conf
http://docs.splunk.com/Documentation/Splunk/latest/Data/Applytimezoneoffsetstotimestamps
Refer to the zoneinfo database for all permissible TZ values: http://en.wikipedia.org/wiki/List_of_zoneinfo_timezones
View solution in original post
Programatically, for your Splunk instance, here:
| rest/servicesNS/-/search/data/ui/manager | regex eai:data="Time zone" | head 1 | rename eai:data AS _raw | table _raw | rex mode=sed "s/(?ms)^.*Default System Timezone --\"\/>[\s\r\n]+(.*?)<\/options>.*$/\1/" | eval raw=split(_raw, "<opt value=") | mvexpand raw | rex field=raw "^\"(?<value>[^\"]+)\"\s+label=\"(?<label>[^\"]+)\"" | fields - _raw raw | search label="*" AND value="*"
Hi @woodcock Programatically meaning, on the splunk query itself, we can view different timezones ah
Programatically
Right. You can see what splunk supports natively.
