Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

desfased server hour

rjfv8205
Path Finder
‎04-12-2019 09:41 AM

Hello splunkers, I have this search:

index = "sti" sourcetype = "Genera_AVI" | fields _time | head 1 | eval tiempo = strftime(now(),"%H:%M:%S") | table tiempo

now() show following time:

13:36:15

But actually it's 12:36

Is it problem with server hour? Where I change it? I have a cluster indexer

Tags (1)
0 Karma
Reply

Vijeta
Influencer
‎04-12-2019 09:48 AM

check your account settings for timezone, probably its set to EST and you are in CST zone?

0 Karma
Reply

rjfv8205
Path Finder
‎04-12-2019 10:05 AM

This changed only my account.

Exist a way to change for all users?

0 Karma
Reply

Vijeta
Influencer
‎04-12-2019 10:18 AM

@rjfv8205 You can let the users change their own timezones. If you want to forcefully change all users timezones then you need to modify user-prefs.conf for all users. See this link below , may be of help-

https://answers.splunk.com/answers/126350/change-multiple-users-timezone.html

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...