Closed hexecute closed 5 years ago
li-wu
commented
5 years ago @hexecute In eventgensamples.py here: https://github.com/splunk/eventgen/blob/develop/splunk_eventgen/lib/eventgensamples.py#L221, the now function already deals with timezone.
You want to replay a csv sample file with _time field as timestamp and output events with correct timezone timestamp? Could you share your sample file?
hexecute
commented
5 years ago @li-wu I've attached the .conf (which I modified) which uses a sample file in the repo (sample.tutorial1). You can test this by switching the timezone parameter around and re-running. The events created have the same timestamp, no matter what the timezone parameter is.
li-wu
commented
5 years ago @hexecute , thanks for the info.
Describe the bug The
timezoneparameter doesn't do anything with "now" timestamps. The code is trying to change the timezone in these lines in timeParser [1], but it's relying on thenowandutcnowparameters. If you look through the repo [2], timeParser is never passed these two parameters in the library. Hence, timeParser always usesdatetime.datetime.now(), regardless of what thetimezoneparameter is.[1] https://github.com/splunk/eventgen/blob/710da6e5b5e9c79789c2f592ade0657cbccef17e/splunk_eventgen/lib/timeparser.py#L25-L36 [2] https://github.com/splunk/eventgen/search?q=timeParser&unscoped_q=timeParser
To Reproduce
Expected behavior The events should output in a new timezone.
Actual behavior The events output in the same timezone.
Sample files and eventgen.conf file
Do you run eventgen with SA-eventgen? No.
If you are using eventgen with pip module mode (please complete the following information):
Additional context You can Slack me. I work at Splunk.