Last update time is future time

happy035 · ‎10-07-2013

Hi there,

I am using Splunk 5, Few day ago, I migrated old splunk data to new server via file copy.
After moved all data, I restarted splunk server but from that time, Last Update time is in the future time.
My linux server time has been configured with KST(UTC +9:00). If linux server time is Mon Oct 7 16:28:06 KST 2013 but last update time, Last update time in Splunk is Mon Oct 8 10:34:47 KST 2013.
How do I fix this problem?

markovic · ‎10-23-2013

Did you find a fix for your problem? Now i got the same problem after moving the buckets.

happy035 · ‎10-23-2013

Hi markovic, Thanks for your interesting.
I have resolved this problem few days ago.
But my solution runs only in Ubuntu machine.

Please follow steps,
1. open "/etc/default/rcS" file
2. check this line if exists
assume that the BIOS clock is set to UTC time (recommended)
UTC=no
3. if UTC=Yes, Ubuntu server set up your localtime as UTC. I work in Asia. Because my local time is UTC, so I try to configure my loca time(UTC+9), all time stamp are future value.

Please change the value from UTC=yes to UTC=no.
Cheers~~

Last update time is future time

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

Last update time is future time

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine