Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

mass update of the users timezone

damucka
Builder
‎04-21-2020 03:50 AM

Hello,

I have following issue:
- I am located with most of my users in CET zone. For 2 years until last week all looked fine in respect to the timezone of the users. I know this option is not there, but the system, although itself having the UTC, behaved as if it would recognize the users location and presenting the CET in the searches.
- Like week back, i have no clue why, the system decided to present the GMT timezone to the users in searches. Well, when I go to the user properties it will be the "Default System Timezone" there, so one could say it behaves as expected.

My questions would be:
- is there any possibility that Splunk detects the time zone of the user based e.g. on the browser settings?
- If not, how would I mass change it for my users to CET? Clicking through the user settings one by one is not much fun
- Theoretically I could make a change for all users:

etc/system/local/user-prefs.conf
[default]
 # Only canonical timezone names such as America/Los_Angeles are allowed
  tz = America/Los_Angeles

The question is what the correct canonical timezone name for CET would be?
tz = Europe/Berlin ?

Kind Regards,
Kamil

Tags (1)
0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-21-2020 04:18 AM

Hi,

You can try to configure $SPLUNK_HOME/etc/apps/user-prefs/local/user-prefs.conf with below configuration (I have not tested this but it should work)

[general]
tz = <timezone>
* Specifies the per-user timezone to use
* If unset, the timezone of the Splunk Server or Search Head is used.
* Only canonical timezone names such as America/Los_Angeles should be
  used (for best results use the Splunk UI).
* Defaults to unset.

OR

[general_default]
tz = <timezone>

As CET timezone is for Europe, you can check list of all available timezone in Europe on https://en.wikipedia.org/wiki/List_of_tz_database_time_zones and accordingly set tz in user-prefs.conf

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...