Products/Services
product
- Why choose Splunk
- Installation record
- price
- Splunk Enterprise Security
- Splunk Phantom (SOAR)
- Splunk ITSI (Next Generation IT Operations)
- Splunk Observability Cloud
- Splunk UBA
- Macnica CSIRT App Basic
- App for Splunk for Financial Institutions
- Splunk Analytics for Hadoop
- About Apps
- Splunk Edge Hub
- What is Splunk
service
- Dashboard/SPL Creation Pack [Implementation/Building Support]
- Version upgrade service [implementation and construction support]
- Smart Security Monitoring App [Original App/Service]
- Splunk × LANSCOPE Original App [Original App/Service]
- Security Monitoring App for Box [Original App/Service]
- Cloud Security Monitoring App [Original App/Service]
- List of services
- Macnica Premium Support for Splunk (utilization support, version upgrade monitoring)
Specifications/Technical Information
Specifications/Technical Information
Evaluation machine application/FAQ
Application for evaluation machine
- FAQ
Priority to recognize the timezone of ingested data
- release date
- 2019.09.04
- last updated
- 2024-01-11
- version
- Splunk Enterprise 9.1.1
- Overview
-
Splunk has the ability to automatically recognize and extract time zones when ingesting data.
The order of precedence for extracting a time zone is as follows:1. The time zone specified in the imported data
2.Timezone specified in props.conf
3. Forwarder's system time zone
4. Indexer system timezone
- Reference information
- content
-
Priority to recognize the timezone of ingested data
Splunk recognizes the time zone of ingested data preferentially from item 1 below.
- When time zone information is described in one event of imported data
(e.g. PST, -0800), it recognizes in the stated timezone. - If you specify the time zone of the data to be imported with the "TZ" parameter in props.conf, it will be recognized in the specified time zone.
*If you are using a universal forwarder, the props.conf of the indexer will be used.
*If you are using a heavy forwarder, the props.conf of the heavy forwarder will be used. - If you are using a universal forwarder of version 6.0 or later or a heavy forwarder to import, it will recognize the time zone of the OS on which the forwarder is running.
- It is recognized by the time zone of the OS on which the indexer is running.
that's all
- When time zone information is described in one event of imported data
In charge of Macnica Splunk Co., Ltd.
- TEL:045-476-2010
- E-mail:splunk-sales@macnica.co.jp
Weekdays: 9:00-17:00
