Hi,
my splunk log is falling as charlotte time.
when people from dubai or London or Denver viewwing the report.
Report need to be displayed in their time zone.
Ex : if charlotte time is 5:08 AM now when people from london viewing the dashboard at same time, then dashboard data should show 10:08 AM data, because time is changing fro zone to zone.
Thanks in Advance
Hi shankarananthth
The following link will help you just click on it and use
https://answers.splunk.com/answers/86587/convert-the-timezone-from-a-time-field.html
Hi,
I have already refereed the same link and developed the below Query.
index="way" sourcetype="transactions" source="/transactionlog/*"
| transaction fields=MessageId keepevicted=true
| stats min(_time) AS startDate, max(_time) AS endDate | convert timeformat="%F %T" ctime(*Date)
| eval max=strftime(max, "%Y-%m-%d %T")
| eval DUBAIS= strptime(startDate, "%Y-%m-%d %T") +32400
| eval DUBAIE= strptime(endDate , "%Y-%m-%d %T") +32400
| eval DUBAI_START_TIME= strftime(DUBAIS, "%Y-%m-%d %H:%M:%S")
| eval DUBAI_END_TIME= strftime(DUBAIE, "%Y-%m-%d %H:%M:%S")
| table DUBAI_START_TIME DUBAI_END_TIME
Problem which i'm facing,
How can i able to give the above query in multi-select.
I need to choose both the values need to be there in the filter.
When i choose that value it need to be reflected for entire dashboard.
Can u kindly give your valuable sugestion
Thanks in advance
Hi Chimell,
I have already refereed that link and framed the query, but now the problem i facing.
How can i give that in drop down or multi select option and make it work for entire dashboard.
Query which i framed:
index="way" sourcetype="transactions" source="/env/transactionlog/*"
| transaction fields=MessageId keepevicted=true
| stats min(_time) AS startDate, max(_time) AS endDate | convert timeformat="%F %T" ctime(*Date)
| eval max=strftime(max, "%Y-%m-%d %T")
| eval DUBAIS= strptime(startDate, "%Y-%m-%d %T") +32400
| eval DUBAIE= strptime(endDate , "%Y-%m-%d %T") +32400
| eval DUBAI_START_TIME= strftime(DUBAIS, "%Y-%m-%d %H:%M:%S")
| eval DUBAI_END_TIME= strftime(DUBAIE, "%Y-%m-%d %H:%M:%S")
| table DUBAI_END_TIME