Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to convert GMT timestamp to EST?

kdimaria
Communicator
‎04-03-2018 05:46 AM

All of my splunk events have the timestamp GMT. How do I evaluate _time to show EST? I was thinking of using:

eval n=strftime(_time, "%H:%M %d/%m/%y %Z")

But have it be in EST instead of GMT?

0 Karma
Reply

adonio
Ultra Champion
‎04-03-2018 05:58 AM

Hello there,

many answers in this portal, here are couple:
https://answers.splunk.com/answers/4279/timezone-and-timestamp-modification-at-search-report-time.ht...
https://answers.splunk.com/answers/58027/change-timezone-of-logs.html

also in docs:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Data/Applytimezoneoffsetstotimestamps
https://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/Commontimeformatvariables

if it only apply to you as a user, you can change your user default time zone to EST and you supposed to see timestanps as EST

hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
li.common.scroll-to.top