Getting Data In

Why is timestamp different in Splunk compared to the logs and can I view the timezone setting in Splunk Web?

rais317
New Member

I have a question,

Can I view time zone setting in the Splunk web? I need to check what time zone been set in Splunk.

Example log taken from Splunk
Jan 27 08:53:39 xx.xx.xxx.xxx Jan 27 16:51:35 [2015-01-27 16:51:35.984

If you refer to example above, highlighted Italic is refer to ESX Server. ESX setting UTC Time Zone.

To more detail and make easier reader understand.
1. When I click the Splunk App and it appear Internet Explorer (Splunk > Home)
2. Then I click search
3. Then I click Data Summary and appear dialog box to me to choose which ESX. This is more interesting part because column Last Update in my Time Zone
4. After clicking one host then it appear the log report (like example)

Additional Infomation
Splunk install in Windows Server 2008 and time zone in Desktop is local time(+8). I said Splunk installation on this server due to I can see Splunk web services in this server. Lastly I check file "props.conf" not found any TZ.

Hope someone can help me regarding this.

Thanks,

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You can see and edit the time zone used to display data for your user by clicking your user name in the top bar of the Splunk UI.

Masa
Splunk Employee
Splunk Employee

Martin already answered to this question.

Additional Info.

"Why is timestamp different in Splunk compared to the logs?"
1. At index time, Splunk parse and set time stamp in epoch time.
2. At search time, Splunk search events with epoch time based on User's timezone so that user can see when the event happened based on user's time.

http://docs.splunk.com/Documentation/Splunk/6.2.1/data/Applytimezoneoffsetstotimestamps

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...