Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

System Time in Splunk off but log times are correct

courtneyj
Engager
‎02-12-2021 01:25 PM

Here is my environment

Cluster Master, License Master, Deployment Server (on one Splunk instance)

Cluster of 3 indexes

 Separate Search Head

Noticed when I checked the Forwarder Manager in my deployment server  my clients had not phoned home in 8 hours.  Then I ran 

index = _internal httppubsubconnection "uri=/services/broker/phonehome"

to see if there were any errors phoning home but to my surprise everything was good. In Forwarder Management I also deleted a record and it came right back which also confirmed a successful phone home but it said 8 hours ago.  Ran other searches and the event time and log times are good. Then I noticed in my search history that the previous search I conducted was done 8 hours ago even though I just ran them.  Played with time zone in user preference but nothing. Any suggestions on why everything in Splunk is 8 hours behind when it comes to phoning home and when a search was conducted.

Labels (1)
Labels
0 Karma
Reply

manjunathmeti
Champion
‎02-13-2021 07:44 AM

Check the server/system date time on the instance where Deployment Server is deployed. Make sure it is matching with the server time of the machine where deployment clients exist.

If this reply helps you, an upvote/like would be appreciated.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...