Activity Feed
- Posted Re: problem with span command in splunk 7.2 on Splunk Search. 12-14-2021 05:05 AM
- Posted Re: problem with span command in splunk 7.2 on Splunk Search. 12-14-2021 04:21 AM
- Posted problem with span command in splunk 7.2 on Splunk Search. 12-14-2021 12:23 AM
- Tagged problem with span command in splunk 7.2 on Splunk Search. 12-14-2021 12:23 AM
Topics I've Started
12-14-2021 05:16 AM, 1 Karma
_time is usually stored as the number of seconds since the start of the epoch in UTC. All span does is take the time value back to the start of the current time bucket (still in UTC). When you display the time, it is in local format, hence the half-hour boundary differences in your case. You could try displaying your times in UTC, or potentially make the adjustment when the events are indexed, or petition your government to change their time zone settings so they align with hours rather than half past, or move 😀