Splunk Search

desfased server hour

rjfv8205
Path Finder

Hello splunkers, I have this search:

index = "sti" sourcetype = "Genera_AVI" | fields _time | head 1 | eval tiempo = strftime(now(),"%H:%M:%S") | table tiempo

now() show following time:

13:36:15

But actually it's 12:36

Is it problem with server hour? Where I change it? I have a cluster indexer

Tags (1)
0 Karma

Vijeta
Influencer

check your account settings for timezone, probably its set to EST and you are in CST zone?

0 Karma

rjfv8205
Path Finder

This changed only my account.

Exist a way to change for all users?

0 Karma

Vijeta
Influencer

@rjfv8205 You can let the users change their own timezones. If you want to forcefully change all users timezones then you need to modify user-prefs.conf for all users. See this link below , may be of help-

https://answers.splunk.com/answers/126350/change-multiple-users-timezone.html

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...