Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk 4.2.2 - Logs off by several Hours

A4orce84
New Member
‎08-10-2011 08:40 AM

Good Morning,

We recently upgraded our Splunk Instance to version 4.2.2, today we noticed that several of our logs are off by a few hours. Currently it is 10:40 AM (CST) time, but when you log-in and look at the search, it's several hours in the future:
alt text

Our environment comprises of:
A. Splunk Indexer -- Version 4.2.2
B. Splunk Forwarders -- Pre 4.2 (Most are on 4.1.x versions)

Any assistance would be greatly appreciated! Thanks!

--Asif Ahmad

Tags (4)
0 Karma
Reply

A4orce84
New Member
‎08-10-2011 12:02 PM

Well the funny thing, is that it seems to be working in our TEST environment. So I'm trying to figure out what's the difference between TEST and PRODUCTION.

0 Karma
Reply

acdevlin
Communicator
‎08-11-2011 10:02 AM

I see.

Unfortunately, unless you can find any more specific information about the two environments, I don't believe there is much other help I can give here; Digging through them to find the differences is something you'll have to tackle yourself...

If there are different .conf files for TEST and PRODUCTION, I would still recommend looking at the timezones set for each. Also, which environment did you upgrade to 4.2.2?

0 Karma
Reply

acdevlin
Communicator
‎08-10-2011 09:28 AM

Splunk might be confused about your timezone; maybe the upgrade messed with your .conf files somehow?

Here's the documentation page on timestamps. It explains how to set up time-related options far better than I could: http://docs.splunk.com/Documentation/Splunk/4.2.3/Data/Configuretimestamprecognition

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...