Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

strptime using 2020-03-08T02:00:21is 1 hour off

paulerlong
Explorer
Wednesday

The following query returns a result that is one hour off.

| makeresults
| eval timestr="2020-03-08T02:00:21"
| eval unixtime=strptime(timestr, "%Y-%m-%dT%H:%M:%S")
| eval convertedBackToString=strftime(unixtime, "%Y-%m-%dT%H:%M:%S")
| table timestr, unixtime, convertedBackToString

If I change the date or hour, it works correctly.  But any time (I didn't try them all) in the 2 o'clock range and strptime returns the wrong value.  This happens on Splunk Enterprise   8.1.3 and my previous version which I think was 8.0.2.  This works correctly on 7.3.11.

Can somebody confirm this is a bug?

Thanks,

Paul

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
Thursday

I retracted my answer when I realized DST changed on 7 Mar 21 rather than 8 Mar 21.

I think your only option for changing the time zone on free Splunk is to change the time on your machine.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
Wednesday

Forgot to add the result I see.  Timestr and convertedBackToString should be identical, I think, but they are not.

paulerlong_0-1617829608152.png

 

0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
Thursday

I saw a response, but it was retracted.  However, I think it was correct.  3/8 2020 was when the clock changed for EST timezone.  Therefore 2:00AM-3:00AM doesn't exist.  On the server I can configure the timezone to GMT, which I do, so it worked properly in that environment.

However, now I can't figure out how to change the time zone from the Splunk Enterprise running on my local machine.  It's a free version, so I can't add a user to set the time zone info.  So how can I configure this local version of Splunk Enterprise to use GMT?

Thanks,

Paul

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
Thursday

I retracted my answer when I realized DST changed on 7 Mar 21 rather than 8 Mar 21.

I think your only option for changing the time zone on free Splunk is to change the time on your machine.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

paulerlong
Explorer
Thursday

My date is is from 2020, and that year the change coincides with the time.  

Bummer about changing the system timezone.   That's a big change just to get splunk to work correctly.  Hopefully they can address this moving forward.  

Thanks for the help!

Paul

0 Karma
Reply
Get Updates on the Splunk Community!