All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

When will Chrony be supported?

mikaellindstrom
New Member
‎09-09-2019 08:49 AM

Hi,
what's the ETA for supporting Chrony in addition to NTP? As per the release notes, RHEL 7 and CENTOS 7 are supported, but the default network time protocol function is Chrony.

Btw. Went to the Splunkbase page for this add-on (which in general is very useful!) and the "File a case" link doesn't work.

Regards,
Mikael Lindstrom

0 Karma
Reply

nunoaragao
Path Finder
‎01-26-2022 08:23 AM

Regarding TA nix >8.1 with support for Chrony, I'm deflated that any recent version does not attempt at having similar log events from systems with Chrony or systems with ntpdate. As most other scripts do with smart awk expressions.

Also, on systems with ntpdate BUT that run Chrony for time sync (hint: RHEL7), the script bypasses Chrony configuration. But this I managed to fix it myself by including lines 2 and 3:

if [ $FOUND_NTPDATE -eq 0 ] ; then
	echo "Found ntpdate command" >> $TEE_DEST
	if [ -f  /etc/chrony.conf ] ; then        # Special
		CONFIG=/etc/chrony.conf
	elif [ -f    /etc/ntp.conf ] ; then         # Linux; FreeBSD; AIX; Mac OS X maybe
		CONFIG=/etc/ntp.conf
	elif [ -f  /etc/inet/ntp.conf ] ; then    # Solaris
		CONFIG=/etc/inet/ntp.conf
	elif [ -f  /private/etc/ntp.conf ] ; then # Mac OS X
		CONFIG=/private/etc/ntp.conf
	else
		CONFIG=
	fi

 

0 Karma
Reply

nunoaragao
Path Finder
‎01-27-2022 06:57 AM

.. and to make chrony output similar to ntpdate, replaced the final section like this (switching the last lines of code to ntpdate condition)

( ... )
else
	CMD2="chronyc"
	assertHaveCommand $CMD2
	chronyc -n sources | awk -F"[] []+" '/\^/ {printf "server %s, stratum %d, offset %s, delay %s\n",$2,$3,$8,$10}'

Attempted to also use variable $AWK like most of the other scripts but kept having double quotes escaping errors .. gave up. Maybe not efficient but does the trick

0 Karma
Reply

mikaellindstrom
New Member
‎09-10-2019 08:54 AM

In the Splunk Linux /Unix app, the time.sh for example only supports ntp and not chrony so using the add-on on an RHEL 7 system with the default network time protocol (i.e. chrony) will be missing the NTP data. time.sh should support both NTP (legacy) and chrony (preferred).

0 Karma
Reply

uthornander_spl
Splunk Employee
Splunk Employee
‎06-16-2020 05:06 AM

It is around the corner - should be in *NIx TA 8.1. https://splunkbase.splunk.com/app/833/ that is imminent.

UT
0 Karma
Reply

uthornander_spl
Splunk Employee
Splunk Employee
‎09-10-2019 02:12 AM

What is it that you want to do with Chrony that you can't do today?
I hadn't heard about it before but to the best of my understanding, there shouldn't be any difference to Splunk.
If it's just the matter of the time logs, you should be able to ingest them just as you ingest any other data.

UT
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...