What is the best way to compensate the hour shift ...

jcorcoran508 · ‎10-21-2022

I have this request to build a report

7am - 1900 Monday-Friday CST

Sat 7am - noon CST

Splunk is running on UTC - depending on the season the daylight savings 1 hour shift is 6hours or 5hours.

what is the best way to compensate the hour shift as the daylight savings time comes and goes yearly ?

ITWhisperer · ‎10-21-2022

What do you mean by compensate?

Splunk store event timestamps in UTC, but these timestamps come from splunk's interpretation of the data in the events, which may or may not already be UTC or they could be local time and may or may not have timezone information to help splunk determine how to convert to UTC - is this where you want to "compensate" for daylight saving adjustments?

Splunk often displays times in local format, which takes daylight saving adjustments into account - is this where you want to "compensate" for daylight saving adjustments?

Please expand on your usecase - what is it you are trying to do?

What is the best way to compensate the hour shift as the daylight savings time comes and goes yearly?

eval

field extraction

metadata

regex

stats

timechart

Splunk Observability for AI

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

Join the Conversation

What is the best way to compensate the hour shift as the daylight savings time comes and goes yearly?