Solved: Where are Splunk valid TZ options in props.conf?

hongduan · ‎03-14-2014

Where can I find a list of all possible and valid TZ options for props.conf?

antlefebvre · ‎03-14-2014

http://docs.splunk.com/Documentation/Splunk/latest/Data/Applytimezoneoffsetstotimestamps

Refer to the zoneinfo database for all permissible TZ values: http://en.wikipedia.org/wiki/List_of_zoneinfo_timezones

woodcock · ‎11-14-2017

Programatically, for your Splunk instance, here:

| rest/servicesNS/-/search/data/ui/manager 
| regex eai:data="Time zone" 
| head 1 
| rename eai:data AS _raw 
| table _raw 
| rex mode=sed "s/(?ms)^.*Default System Timezone --\"\/>[\s\r\n]+(.*?)<\/options>.*$/\1/" 
| eval raw=split(_raw, "<opt value=") 
| mvexpand raw 
| rex field=raw "^\"(?<value>[^\"]+)\"\s+label=\"(?<label>[^\"]+)\"" 
| fields - _raw raw
| search label="*" AND value="*"

inventsekar · ‎12-13-2018

Hi @woodcock Programatically meaning, on the splunk query itself, we can view different timezones ah

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

woodcock · ‎12-14-2018

Right. You can see what splunk supports natively.

antlefebvre · ‎03-14-2014

http://docs.splunk.com/Documentation/Splunk/latest/Data/Applytimezoneoffsetstotimestamps

Refer to the zoneinfo database for all permissible TZ values: http://en.wikipedia.org/wiki/List_of_zoneinfo_timezones

Where are Splunk valid TZ options in props.conf?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?

Where are Splunk valid TZ options in props.conf?

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0