Solved: Re: How to fix time for the Index, Source and Time...

kwaingrow · ‎03-21-2013

Set up: The system clocks for our Searcher and Indexers run GMT, our events are coming from servers posting in PST, EST and GMT.

I have 2 questions/Issues:
1) The index, Source, and timeline display time are all different and out of sync. How can I get them in sync? (see picture: http://www.ugu.com/splunk/time.jpg)

2) One indexer displays the Index time in GMT and all of our other indexers display the index time the same as the event source time. What would make this one indexer different from the rest.

kwaingrow · ‎03-27-2013

Resolved: Restart of Splunk Searcher resolved the issue.

View solution in original post

kwaingrow · ‎03-27-2013

Resolved: Restart of Splunk Searcher resolved the issue.

kwaingrow · ‎03-22-2013

ooops, Sorry. Version 4.2.3-105575

Also #2 has been resolved after a reboot of the server had been preformed.

But #1 display time on the top graph is not the same as the indexed time or the source time. Could this be a bug in the version we are running? http://www.ugu.com/splunk/time.jpg

piebob · ‎03-22-2013

what version of Splunk are you running?

How to fix time for the Index, Source and Timeline graph so they the same?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases