Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you specify timezone in a REST API search?

jedatt01
Builder
‎11-25-2015 10:17 AM

I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexing was done with EST timezone so the events show up as 00:00:00 EST. The server i'm doing the REST API call from is on CST timezone. When I get the results back from the search they show up as the previous day because the timestamp ends up being 1 hour before at 23:00:00 CST - 1Day. This is completely screwing up my search results. Is there a way to force the API call to use EST timezone instead of the system default?

Note:
Changing the timezone on my server is not an option because it's a shared server.

Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎11-25-2015 12:00 PM

Change the Time zone setting ( My UserName -> Edit Account -> Time zone ) for the user running the search (REST API call) and set it to EST.

View solution in original post

Reply
Solved! Jump to solution

bhatti009
New Member
‎05-08-2020 09:37 AM

You can have Splunk server return UTC time
'original query' | eval time=_time | fields - _time

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎11-25-2015 12:00 PM

Change the Time zone setting ( My UserName -> Edit Account -> Time zone ) for the user running the search (REST API call) and set it to EST.

Reply
Solved! Jump to solution

jedatt01
Builder
‎11-25-2015 05:53 PM

I tried this and it first it didn't work. I waited some more time though then restarted my webserver and cleared cache on my client and now its working. Thank you!

0 Karma
Reply
Solved! Jump to solution

redflexigork
Explorer
‎03-14-2018 07:36 PM

Can you elaborate what do you mean by clearing cache on the client?
I have the same problem, but not able to make it work with the same solution.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...