Solved: Re: How can i change the time format in Splunk web...

Ayn · ‎03-02-2010

The default time format when showing logs in the web interface is mm/dd/yyyy and the time specified in 12h format. At my location (as in many other places outside the US or UK) another time format is used, dd/mm/yyyy + 24h time. How can I change so that the timestamps are presented in this format instead?

Ron_Naken · ‎03-02-2010

You should be able to change this by specifying the locale ID in your URL when you access Splunk. Splunk URL's are in this format:

http://my.url.com:8000/[locale ID]/...

For instance, in the US, your Splunk server is most likely accessed with the en-US locale ID. For Great Britain, this would be en-GB. i.e. http://my.url.com:8000/en-GB

HTH, Ron

View solution in original post

dwaddle · ‎10-05-2011

The Splunk docs @Simon refers to cover changing the message tags fairly well, but don't really speak to changing locale items like date/time formatting. The babel toolkit (which Splunkweb seems to depend on for some of this) has a whole series of separate localization configuration files located in $SPLUNK_HOME/lib/python2.6/site-packages/babel/localedata. These appear to be python pickled dictionaries. They could be edited, but not trivially. Anyone trying to do this needs to have a firm grasp on Python, babel and chunks of the unicode standards. It's definitely nontrivial, and nothing I'd attempt without a lot of testing.

Simon · ‎05-26-2010

Hi all

Looking for the same options.

As here in Switzerland we got still another time format as in Great Britain (for example: 26.05.2010 12:22:13.671 instead of 26/05/2010 12:22:13.671) I'm still searching for a way to change the format.

In the docs I found a way to create an own translation (http://www.splunk.com/base/Documentation/latest/Developer/TranslateSplunk) but I'm not very familiar with these "pot" and "mot" files. Is there a way to just adjust the timestamp format in the translation files?

Thanks for helping Simon

Ron_Naken · ‎03-02-2010

You should be able to change this by specifying the locale ID in your URL when you access Splunk. Splunk URL's are in this format:

http://my.url.com:8000/[locale ID]/...

For instance, in the US, your Splunk server is most likely accessed with the en-US locale ID. For Great Britain, this would be en-GB. i.e. http://my.url.com:8000/en-GB

HTH, Ron

grijhwani · ‎06-03-2016

Years on and this is - as far as I can tell - haunting us.

The choice of 24 hour clock isn't regional. Nor is, say, the preference for ISO dates. There needs to be an easy way to set the base standard for the local search instance.

w531t4 · ‎01-03-2014

I think this article has a better solution, fwiw.

http://answers.splunk.com/answers/10265/change-default-web-ui-locale

Ayn · ‎03-02-2010

Thanks! Setting to en-GB works. However default locale here is sv or sv-SE, which Splunk doesn't support (at least not out of the box). So, failing that I want to set the default locale to en-GB instead of en-US.
The only way I've found to achieve this so far is to edit lib/python2.6/site-packages/splunk/appserver/mrsparkle/lib/i18n.py and replace en-US with en-GB at the following line:
locales = parse_accept_languages(request.headers.get('accept-language', 'en-US'))

I'm guessing since it's hardcoded there is no configuration directive for this...

How can i change the time format in Splunk web?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes