Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to fix timechart issue with dates involved in between a daylight savings time change?

csepulveda
New Member
‎09-16-2014 09:35 AM

Hi guys, we have a problem when we try to use timecharts that involve dates having in between a daylight saving time change.

If I change my timezone to GMT in account preferences, the timecharts query works fine, but if I do a span=1d it shows September 6 twice and doesn't show September 7.

If i change my timezone to GMT-4 Santiago, the query fails showing NaN numbers.

The query is

: sourcetype=varnish
account_id="50aa2711a6884125020019f1"
| timechart span=1d
distinct_count(customer_id)

All our logs has time fields on UTC.

any ideas?

Thanks!.

Tags (3)
0 Karma
Reply

aweitzman
Motivator
‎09-16-2014 09:54 AM

You might be running into this problem:

http://answers.splunk.com/answers/155320/why-is-the-search-app-time-range-picker-defaulting-to-2001-...

There's something magic about September 6, based on the comments in that thread.

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...