All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

wrong time in last connected OPSEC LEA

bhanu22
Engager
‎09-09-2013 08:42 PM

In the OPSEC LEA LOGGRABBER APP for checkpoint the time shown in "last connected" is incorrect.
I have the Splunk server running in UTC while I access the Splunk Web interface to create the connection from Singapore it shows me the last connected time in SGT but with future time.
That is SGT is UTC + 8 so the last connected shown in SGT should be local time of Singapore but however the last connected shown to me is UTC + 16 i.e. SGT + 8, hence the OPSEC LEA app is showing me last connected time incorrect. I have confirmed Splunk server, Checkpoint CMA, Gateway and provider-1 all are running in UTC.
Can some one please help me in this issue, I have gone through the Splunk configs no where I have configured any custom timezones, its set to use the local server time.

Reply
1 Solution
Solved! Jump to solution
Solution

amarsaroj
Explorer
‎09-13-2013 03:24 AM

Checkpoint App Version: 1.11.1

This issue is seen when the server where the checkpoint app is setup (usually forwarder) and the user location viewing the 'Manage Connections' fall in different timezone.

Looks like the ajax script controlling the opsec app, is calculating the Date() incorrectly. The Date function which operates on 'data.last_time' (which is epoch time of last connection time) is using the offset parameter unnecessarily. Removing the offset solved the issue.

AJAX file location: $app path/appserver/static/opsec.js';
function: getConnInfo()

EDIT:
d = new Date(data.last_time*1000 - offset);

TO:
d = new Date(data.last_time*1000);

Note: Removal of the browser cache maybe required for the changes to take effect.

View solution in original post

Reply
Solved! Jump to solution
Solution

amarsaroj
Explorer
‎09-13-2013 03:24 AM

Checkpoint App Version: 1.11.1

This issue is seen when the server where the checkpoint app is setup (usually forwarder) and the user location viewing the 'Manage Connections' fall in different timezone.

Looks like the ajax script controlling the opsec app, is calculating the Date() incorrectly. The Date function which operates on 'data.last_time' (which is epoch time of last connection time) is using the offset parameter unnecessarily. Removing the offset solved the issue.

AJAX file location: $app path/appserver/static/opsec.js';
function: getConnInfo()

EDIT:
d = new Date(data.last_time*1000 - offset);

TO:
d = new Date(data.last_time*1000);

Note: Removal of the browser cache maybe required for the changes to take effect.

Reply
Solved! Jump to solution

amarsaroj
Explorer
‎09-15-2013 06:38 PM

Firefox 14.0.1

0 Karma
Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎09-13-2013 09:24 AM

Nice! I filed OPSEC-125 for this issue. What browser were you using?

0 Karma
Reply
Solved! Jump to solution

bhanu22
Engager
‎09-13-2013 03:27 AM

thanks it fixed the issue

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...