How to convert GMT timestamp to EST? - Splunk Community

Splunk Search

All of my splunk events have the timestamp GMT. How do I evaluate _time to show EST? I was thinking of using:

eval n=strftime(_time, "%H:%M %d/%m/%y %Z")

But have it be in EST instead of GMT?

Hello there,

many answers in this portal, here are couple:
https://answers.splunk.com/answers/4279/timezone-and-timestamp-modification-at-search-report-time.ht...
https://answers.splunk.com/answers/58027/change-timezone-of-logs.html

also in docs:
https://docs.splunk.com/Documentation/Splunk/7.0.3/Data/Applytimezoneoffsetstotimestamps
https://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/Commontimeformatvariables

if it only apply to you as a user, you can change your user default time zone to EST and you supposed to see timestanps as EST

hope it helps

Get Updates on the Splunk Community!

Index This | What did the zero say to the eight?

June 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this month’s ...

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...