We just upgraded our Splunk server to version 7.0. I created a query that has a time range Between 05/19/2018 04:28:00.000 and 05/19/2018 08:47:00.000. I list 50 events per page. I navigate through pages and I see events in random order. On page 17 (page with oldest events) I see events with these times in this order:
5/19/18 6:11:09.115 AM
5/19/18 5:35:07.463 AM
5/19/18 5:31:00.510 AM
5/19/18 6:08:27.757 AM
5/19/18 6:08:27.753 AM
5/19/18 5:31:00.510 AM
and so on....
There are 2 problems, 1 is that they are not in expected order and 2 the oldest events should have a time close to 05/19/2018 04:28:00.000.
What is going on here?
... View more