Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Rules Time Zones

astatrial
Contributor
‎02-18-2021 04:27 AM

Hi All,

I need to build a rule that alerts for specific activity by specific user past working hours.

For example:

I want to alert when user "Dani" logs in to the computer not between 7:00 - 18:00.

The problem is that the user is not in the same time zone as me.

So login logs at 19:00 in my time zone can be actually at 14:00 in the other user time zone.

-  Does anyone know what is the time zone that the rules go by?

-  Is it set by the configuration of the user that the rule is running as? 

 

Thanks ! 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-18-2021 05:45 AM

Yes, the rules use the time zone of the user running the rule.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

astatrial
Contributor
‎02-18-2021 06:15 AM

Thanks for the fast reply.

 

If the time zone of the user is changed? Does it also changed for the rules?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-18-2021 06:58 AM

Yes

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...