While searching DHCP logs there are huge latency (...

pavanbmishra · ‎03-02-2022

Hi SMEs, i have quick query here. While searching DHCP logs i could see huge latency (indextime -time) for few events , rest all looks ok. sharing two consecutive event logs with minimal and max latency reported. Any clue. Event collection is through UF here

pavanbmishra · ‎03-03-2022

Ok, and how that could be checked/confirmed? however these both logs from same host here.

ITWhisperer · ‎03-03-2022

One entry says date_zone 0 and the other says date_zone local - where do these come from? Presumably, this is something from the DHCP server itself. Do you have any documentation on the DHCP server logging process?

Alternatively, can you use this field to adjust your calculation of what the "latency" might be?

ITWhisperer · ‎03-02-2022

Could it be that one entry has a timestamp in local time (UTC-05:00 approx.) whereas the other is in 0 time?

While searching DHCP logs there are huge latency (indextime -time) for few events

universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation