Solved: Can you specify timezone in a REST API search?

jedatt01 · ‎11-25-2015

I'm using the REST API with a one-shot search to pull back some previously summarized information. The summary indexing was done with EST timezone so the events show up as 00:00:00 EST. The server i'm doing the REST API call from is on CST timezone. When I get the results back from the search they show up as the previous day because the timestamp ends up being 1 hour before at 23:00:00 CST - 1Day. This is completely screwing up my search results. Is there a way to force the API call to use EST timezone instead of the system default?

Note:
Changing the timezone on my server is not an option because it's a shared server.

woodcock · ‎11-25-2015

Change the Time zone setting ( My UserName -> Edit Account -> Time zone ) for the user running the search (REST API call) and set it to EST.

View solution in original post

bhatti009 · ‎05-08-2020

You can have Splunk server return UTC time
'original query' | eval time=_time | fields - _time

woodcock · ‎11-25-2015

Change the Time zone setting ( My UserName -> Edit Account -> Time zone ) for the user running the search (REST API call) and set it to EST.

jedatt01 · ‎11-25-2015

I tried this and it first it didn't work. I waited some more time though then restarted my webserver and cleared cache on my client and now its working. Thank you!

redflexigork · ‎03-14-2018

Can you elaborate what do you mean by clearing cache on the client?
I have the same problem, but not able to make it work with the same solution.

Can you specify timezone in a REST API search?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life