Azure Sentinel Logs time settings not working

Question

I have set the Date &amp; Time in my Azure Sentinel Logs Settings pane to use Local Time but whenever I run a query, I still need to change the Display time from UTC to local time.&nbsp; Correct me if I am wrong but shouldn't the Date &amp; Time in the Settings panel override the results Display Time?&nbsp;&nbsp;

sarah_young · Answer

GaryBushey&nbsp;no, in KQL queries date/time values are always expressed in UTC no matter what time zone you set your date/time zone to.
&nbsp;
More details can be found here -&nbsp;https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalar-data-types/datetime
&nbsp;
Hope that helps!
Sarah

garybushey · Answer

Sarah_Young&nbsp;Thank you for your reply however I don't think I was clear enough in my description.&nbsp;&nbsp;While initially the results are showing date/time in UTC time zone, it was my understanding, and I am pretty sure it used to work, that changing this setting would then change the time zone used to display the date/time field in the result section of the Logs page anytime you ran a new query.&nbsp; Much like you can change the time zone in the results section for each individual query you run.&nbsp;If that is the the intended use of that setting, then what is it used for?&nbsp;UPDATE: Upon further testing, it seems that the initial tab created when you first go into Logs ignores this setting but any other tabs you open uses it.

sarah_young · Answer

GaryBushey&nbsp;yes, I understand your question now. You're right that queries will default to UTC the first time you open a Log Analytics tab but you can change it here, and subsequent queries should show your local time:
&nbsp;

&nbsp;
Thanks!
Sarah

garybushey · Answer

Sarah_Young&nbsp;Thank you for your reply.&nbsp; I am aware of that functionality.&nbsp; What I am asking is shouldn't the Date &amp; Time setting in the Settings pane automatically change that dropdown to whatever I had set in the Settings pane?&nbsp;So if I set the Date &amp; Time in the Settings pane to use Local Time, shouldn't that drop down in the results pane automatically be set to that as well?&nbsp;Right now it appears to do that for all BUT the first tab that opens in the Logs page.&nbsp; That seems to be a bug.

sarah_young · Answer

GaryBushey&nbsp;I can replicate what you describe, thanks for clarifying.
&nbsp;
I have checked with our Azure Monitor PG and they tell me that this is working as intended at the moment, it's not a bug. If you think it needs to be changed you can raise it with the Log Analytics/Azure Monitor team user voice -&nbsp;https://feedback.azure.com/forums/913690-azure-monitor
&nbsp;
Sarah

Forum Discussion

Azure Sentinel Logs time settings not working

6 Replies

Resources