However, the values in the _time field are actually stored in UNIX time. In Splunk user interfaces, the values in the _time field appear in a human-readable format in the UI. The difference between GMT and PST is 8 hours. When daylight saving time is over, Pacific Standard Time (PST) is used. See Select time ranges to apply to your search and Specify time modifiers in your search.

Because event timestamps are stored in UNIX time, your searches return a consistent set of results regardless of the time zone you are in.

For example, if you search from 12:00 to 14:00 PDT (Pacific Daylight Time), that is the same as searching from 19:00 to 21:00 GMT (Greenwich Mean Time), which is 7 hours ahead of PDT. When you specify a time in your search, either by using the time range picker or using time modifiers, the time that you specify is converted into UNIX time for processing. However, for display purposes the values in the _time field are shown in a human-readable format. The values in the timestamp field in the sample data file are converted to UNIX time and stored in the _time field when the data is indexed. Let's use a set of test data that contains 35 events with various timestamps.

When data is indexed and added to your Splunk instance, the Splunk indexer assumes that any timestamps in the data are in the same time zone as your Splunk instance. For example, the United Kingdom uses GMT for most of the year, but switches to British Summer Time (BST) during the summer months. However, some of the countries that use GMT switch to different time zones during their DST period.
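The two behaviours described above, modelled as an added example (not Splunk code and not from the original page): a search window resolves to the same UNIX time range whichever zone it is typed in, and a zone-less timestamp interpreted in the wrong zone is stored 7 hours off and drops out of that window. The function names, the fixed-offset zones and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Fixed offsets taken from the text: PDT is 7 hours behind GMT.
GMT = timezone(timedelta(hours=0), "GMT")
PDT = timezone(timedelta(hours=-7), "PDT")
FMT = "%Y-%m-%d %H:%M:%S"

def to_epoch(stamp, assumed_tz):
    """Interpret a zone-less timestamp in assumed_tz and return UNIX time,
    mirroring an indexer that falls back to its own zone (assumed model)."""
    parsed = datetime.strptime(stamp, FMT).replace(tzinfo=assumed_tz)
    return int(parsed.timestamp())

def window(start, end, tz):
    """Convert a human-entered search range into a (start, end) epoch pair."""
    return to_epoch(start, tz), to_epoch(end, tz)

def in_window(epoch, win):
    return win[0] <= epoch < win[1]

def render(epoch, tz):
    """Display-only conversion; the stored value never changes."""
    return datetime.fromtimestamp(epoch, tz).strftime(FMT + " %Z")

# Constructed sample: the same search typed by analysts in two zones.
WIN_PDT = window("2024-07-01 12:00:00", "2024-07-01 14:00:00", PDT)
WIN_GMT = window("2024-07-01 19:00:00", "2024-07-01 21:00:00", GMT)

# Constructed sample: a device that logs in GMT without writing the zone.
RAW_EVENT = "2024-07-01 19:30:00"
TRUE_EPOCH = to_epoch(RAW_EVENT, GMT)      # what the device meant
INDEXED_EPOCH = to_epoch(RAW_EVENT, PDT)   # what a PDT instance would store

def skew_seconds():
    """Offset introduced by assuming the instance's zone for this event."""
    return INDEXED_EPOCH - TRUE_EPOCH

if __name__ == "__main__":
    print("window (PDT input):", WIN_PDT)
    print("window (GMT input):", WIN_GMT)
    print("true event time   :", render(TRUE_EPOCH, GMT))
    print("stored event time :", render(INDEXED_EPOCH, GMT))
    print("found by search?  :", in_window(INDEXED_EPOCH, WIN_GMT))
    print("skew (hours)      :", skew_seconds() / 3600)
```

When correlating events from sources in different zones, a constant offset equal to a whole number of hours between related events is a sign that one source's zone was assumed rather than parsed.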