Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how do I get Splunk's timezone settings via Python?

awurster
Contributor
‎07-14-2015 04:44 PM

i want to log activity of what a script is doing into an index.

i'm creating current time with a datetime object in python:

now = datetime.datetime.now()
now.strftime("%Y-%m-%d %H:%M:%S %Z")

now i do know strftime has limited support for timezones... but without a timezone the log message might not get parsed correctly AFAIK, and is probably not a Good Thing to leave it off.

how can i access what Splunk thinks the host server's timezone is (independent of individual user settings, etc)? whether it's REST endpoint in Splunk, an SDK variable / function, or some native Python function doesn't matter to me.

0 Karma
Reply

woodcock
Esteemed Legend
‎07-14-2015 08:15 PM

If you have done the right thing and configured a TZ= value in your props.conf for every source (except for some scripted inputs from TA apps), then you can check the date_zone field to see what Splunk thinks is the TZ for each event. If you see local then this means that the TZ of the indexer (or heavy forwarder) was used (which is usually bad/wrong). You are mistaken to think that Splunk "has a TZ" because it doesn't; all Splunk times are stored in GMT-based epoch (TZ=0) so you should never need to do any TZ manipulation if you are dealing with the _time field.

0 Karma
Reply

awurster
Contributor
‎07-14-2015 08:47 PM

thanks but i'm mostly just looking for a pythonic way to access the local system's timezone.

i'm writing logs to ~/var/log/splunk/foo.log which lands in the server's _internal index. it might be redundant to log a TZ, but i still am curious what the answer is.

i should also clarify that i'd like to do it natively as much as possible, without requiring a 3rd party lib like pytz to be bundled with my add-on.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...