Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

strptime using 2020-03-08T02:00:21is 1 hour off

paulerlong
Explorer
‎04-07-2021 01:08 PM

The following query returns a result that is one hour off.

| makeresults
| eval timestr="2020-03-08T02:00:21"
| eval unixtime=strptime(timestr, "%Y-%m-%dT%H:%M:%S")
| eval convertedBackToString=strftime(unixtime, "%Y-%m-%dT%H:%M:%S")
| table timestr, unixtime, convertedBackToString

If I change the date or hour, it works correctly.  But any time (I didn't try them all) in the 2 o'clock range and strptime returns the wrong value.  This happens on Splunk Enterprise   8.1.3 and my previous version which I think was 8.0.2.  This works correctly on 7.3.11.

Can somebody confirm this is a bug?

Thanks,

Paul

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-08-2021 09:00 AM

I retracted my answer when I realized DST changed on 7 Mar 21 rather than 8 Mar 21.

I think your only option for changing the time zone on free Splunk is to change the time on your machine.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
‎04-07-2021 02:07 PM

Forgot to add the result I see.  Timestr and convertedBackToString should be identical, I think, but they are not.

paulerlong_0-1617829608152.png

 

0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
‎04-08-2021 08:09 AM

I saw a response, but it was retracted.  However, I think it was correct.  3/8 2020 was when the clock changed for EST timezone.  Therefore 2:00AM-3:00AM doesn't exist.  On the server I can configure the timezone to GMT, which I do, so it worked properly in that environment.

However, now I can't figure out how to change the time zone from the Splunk Enterprise running on my local machine.  It's a free version, so I can't add a user to set the time zone info.  So how can I configure this local version of Splunk Enterprise to use GMT?

Thanks,

Paul

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-08-2021 09:00 AM

I retracted my answer when I realized DST changed on 7 Mar 21 rather than 8 Mar 21.

I think your only option for changing the time zone on free Splunk is to change the time on your machine.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
‎04-08-2021 11:09 AM

My date is is from 2020, and that year the change coincides with the time.  

Bummer about changing the system timezone.   That's a big change just to get splunk to work correctly.  Hopefully they can address this moving forward.  

Thanks for the help!

Paul

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...