Solved: setting the time format for timezone offset in pro...

kteng2024 · ‎02-20-2017

hi,

I would like extract the timezone offset in time format in props.
example time format , 2017-02-05T01:20:10.049-0500: 0.855:

TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%3N-%Z

But the above timeformat which i defined is not working. I want my timestamp in splunk to have upto 2017-02-05T01:20:10.049-0500 ignoring 0.855

bshuler_splunk · ‎02-20-2017

%Y-%m-%dT%H:%M:%S.%3N%Z

View solution in original post

bshuler_splunk · ‎02-20-2017

%Y-%m-%dT%H:%M:%S.%3N%Z

kteng2024 · ‎02-20-2017

thank you for reply but it is not working.

woodcock · ‎02-20-2017

This needs to be deployed to your indexers and splunkd restarted there and even then only events that are indexed post-restart will show the effects of the new configurations.

woodcock · ‎02-27-2017

I see that this is accepted; so is it working now?

setting the time format for timezone offset in props

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation