By Splunk February 02, 2010
Every once in a while, rarely, you may get a splunkd.log error that looks something like this:
12-07-2009 14:32:06.894 ERROR bucket - Failed to resurrect timezone ('
' delimited): '### SERIALIZED TIMEZONE FORMAT 1.0
C0
Y0 NW 47 4D 54
$'
This is splunk saying it can’t parse the timezone description it just got. This can be a problem when you’re in a distributed environment, and you’re asking for data to be bucketed (collected) into time-specific chunks. A typical example is when using timecharts.
The fix for this particular issue is called Splunk 4.0.7, but if you’re curious to know what timzeone it actually is, the digits of hex are the name, represented as ascii values.
A quick trip to python shows us a more familiar name:
jrodman@joshbook:~> python
Python 2.6.1 (r261:67515, Jul 7 2009, 23:51:51)
[GCC 4.2.1 (Apple Inc. build 5646)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
0x47, 0x4D, 0x54
(71, 77, 84)
chr(71)
'G'
map(chr, (0x47, 0x4D, 0x54))
['G', 'M', 'T']
----------------------------------------------------
Thanks!
Joshua Rodman