Splunk Search

Incorrect Time Range for @d

mchandx
Path Finder

I have a graph that displays the license usage for the day. I have the time parameter say to "@d" because I only want to see for the current day.

The problem I am having is that the counter resets at 12:00AM GMT-1. I am in GMT-5, so the counter resets at 8:00PM local time. I want the counter to reset at 12:00AM GMT-5 or 5:00AM GMT.

Here is a copy of my search:

index=_internal source=*metrics.log group=per_index_thruput series!=_* | eval totalMB = round(kb/1024, 2) | chart sum(totalMB) as total

Time is set to rt@d to rt

Tags (3)
0 Karma
1 Solution

mchandx
Path Finder

I have resolved this issue. It had nothing to do with Splunk, but rather a feature of the environment it is in.

View solution in original post

0 Karma

mchandx
Path Finder

I have resolved this issue. It had nothing to do with Splunk, but rather a feature of the environment it is in.

0 Karma

Drainy
Champion

I believe you can fix this by going to Manager -> Your account and then selecting your timezone

0 Karma

mchandx
Path Finder

I'll give this a try. Unfortunately, there is no way to know until midnight. I will also try to specify the time perameter as "rt@d-4h" and see if that helps. I'll post back tomorrow with my results.

0 Karma

Drainy
Champion

I believe it should also affect your time ranges within searches.

0 Karma

mchandx
Path Finder

This seems to only change the display. Does this also change the way the application works?

0 Karma
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...