I am using Splunk 5, Few day ago, I migrated old splunk data to new server via file copy.
After moved all data, I restarted splunk server but from that time, Last Update time is in the future time.
My linux server time has been configured with KST(UTC +9:00). If linux server time is Mon Oct 7 16:28:06 KST 2013 but last update time, Last update time in Splunk is Mon Oct 8 10:34:47 KST 2013.
How do I fix this problem?
Hi markovic, Thanks for your interesting.
I have resolved this problem few days ago.
But my solution runs only in Ubuntu machine.
Please follow steps,
1. open "/etc/default/rcS" file
2. check this line if exists
assume that the BIOS clock is set to UTC time (recommended)
3. if UTC=Yes, Ubuntu server set up your localtime as UTC. I work in Asia. Because my local time is UTC, so I try to configure my loca time(UTC+9), all time stamp are future value.
Please change the value from UTC=yes to UTC=no.