Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder Local Clock

santosh_sshanbh
Path Finder
‎03-02-2020 12:29 AM

I have more than 100 UF deployed and wan to know the date and time of each of the forwarders to be shown in real time basis on a dashboards. How I can read the clock data of a UF on a real time basis?

Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎03-02-2020 06:32 AM

Best practice is that all of your forwarders uses a synchronised time source, in many cases thats likely NTP or the Windows Time Service.

The problem with your question, is how would you trust what a UF thinks its time is vs what it really is.

You would be relying on the UF knowing two times - the real time, and its local time.
You could write a simple scripted input to query a known good time source like an ntp server, and write its result alongside your UF's local time into a logfile and configure your inputs.conf to collect both times so you could compare any drift (but you can expect a few ms difference between the two even on a perfectly synced system)

Then, there is your use of the dreaded phrase "real time". At the risk of running away on a tangent, take a look at this post for reasons why "real-time" in your use case is probably a bad idea.
https://answers.splunk.com/answers/734767/why-are-realtime-searches-disliked-in-the-splunk-w.html

If my comment helps, please give it a thumbs up!
0 Karma
Reply

santosh_sshanbh
Path Finder
‎03-02-2020 09:53 PM

Thanks for the inputs. QQ, can you share some thoughts on how to get the time of NTP server?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...