Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Has anyone seen this Error message: Monotonic time source didn't increase; is it stuck?

tywhite
Explorer
‎10-17-2017 12:42 PM

Since we've upgraded to 7.0 we're seeing this particular error show up in the logs:

10-17-2017 11:30:30.772 -0600 ERROR PipelineComponent - Monotonic time source didn't increase; is it stuck?

We weren't able to find much information regarding this error online and wanted to poll the audience to see if anyone has encountered this as well.

Reply

uona
Observer
‎06-01-2020 01:15 PM

Got same error

Splunk Enterprise
Version: 8.0.2
Build: a7f645ddaf91

06-01-2020 13:04:41.446 -0400 ERROR PipelineComponent - Monotonic time source didn't increase; is it stuck?

0 Karma
Reply

stefanghita
Engager
‎02-03-2020 08:09 AM

I had the same question and I opened a Splunk case. This is the response:

"This is an error we have come across with some of our Windows customers, and seems more common of virtualized instances. The splunk process will periodically check the time of the OS system and will show this error if there is a difference (~15 ms) as an indication of the time progress internally. This is really an internal ERROR that should not be reported.

Reference: GetTickCount64 function https://docs.microsoft.com/en-gb/windows/win32/api/sysinfoapi/nf-sysinfoapi-gettickcount64

This issue is currently fixed in version 8.0.0, and if you would like to stop this error from occurring, you will need to look into upgrading to 8.0, otherwise, you can ignore this error message.​"

Reply

esix_splunk
Splunk Employee
Splunk Employee
‎10-17-2017 01:03 PM

Whats your time stamp look like for that data source? Typically this would be with a timestamp that isnt recognized or something wrong with your data source...

0 Karma
Reply

tobais
Engager
‎07-06-2018 12:54 PM

I have this error on one heavy forwarder but not the other, all pulling the same configurations? So the datasources are the same on each environment, but only one throws this message followed by:

WARN TcpOutputProc - Tcpout Processor: The TCP output processor has paused the data flow. Forwarding to output group splunkcloud has been blocked for 39750 seconds. This will probably stall the data flow towards indexing and other network outputs. Review the receiving system's health in the Splunk Monitoring Console. It is probably not accepting data.

0 Karma
Reply

jwinderDDS
Path Finder
‎04-02-2018 10:15 AM

How do I go about identifying which source is having an issue? Looking at the splunkd.log it isn't obvious.

Thank you in advance,

Jeremy

Reply

tywhite
Explorer
‎10-18-2017 04:53 AM

The timestamp shown in the error I posted is directly from the splunkd.log file.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...