Getting Data In
Highlighted

Why is one of our Linux Splunk 6.x forwarders reporting "Detected system time adjusted backwards..."?

Explorer

One of our Linux hosts running a Splunk 6.x forwarder is getting an excessive number of messages in splunkd.log:

04-28-2016 21:39:18.560 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:39:28.576 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 3ms.
04-28-2016 21:39:35.581 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:39:39.581 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:39:40.581 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:39:51.617 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:40:30.655 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:40:33.655 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.
04-28-2016 21:40:41.691 -0400 WARN TimeoutHeap - Detected system time adjusted backwards by 4ms.

ntp does appear to be running and the clock time looks ok when spot checking. Was wondering what that Splunk forwarder warning means? Does it thinks the system clock time is changing/bouncing around a lot and/or going backwards?

0 Karma
Highlighted

Re: Why is one of our Linux Splunk 6.x forwarders reporting "Detected system time adjusted backwards..."?

Ultra Champion
0 Karma