Splunk SOAR (f.k.a. Phantom)

Keeping accurate time on your Splunk Phantom virtual machine

kevinh_splunk
Splunk Employee
In some cases, the Splunk Phantom virtual appliance can lose its time synchronization with the system time. For example, some virtual machine management functions can revert the Splunk Phantom virtual appliance to an older snapshot that is still running, which pauses the virtual appliance and causes it to lose synchronization with the system time.
 

You can use any of the strategies on this page to work around this issue.

Install VMWare Tools on the virtual appliance

You can install the VMWare Tools configuration utility on the virtual appliance and synchronize it with the ESX host. In this scenario, the time is automatically synchronized whenever the host is resumed or reverted.

Manually update the time on the host

You can use the ntpdate command to force the date to be updated. Access the command line of the virtual appliance as root, then run the ntpdate command. For example:

ntpdate -v -u 0.centos.pool.ntp.org

Replace the NTP host or pool as desired.

Install the VMWare Tools on your Splunk Phantom virtual machine

In VMWare environments, you can install the VMWare Tools configuration utility on your Splunk Phantom virtual machine. This causes the virtual machine to automatically synchronize its time with the physical host, assuming the physical host has NTP configured.

Perform the following steps:

    1. Make sure NTP is properly configured on the physical host.
    2. In the VMWare management environment, install the VMWare Tools configuration utility on the virtual machine. This "inserts" a CD containing VMWare Tools into the virtual CD-ROM drive.
    3. Access the command line of the virtual machine as the root user.
    4. Run the following command:
      mount /dev/cdrom /mnt
    5. Untar the file from the /mnt directory into the root user's home directory:
      [root@localhost]# cd ~
      [root@localhost]# tar -xvf /mnt/VMWareTools-9.4.5-1598834.tar.gz
      [root@localhost]# cd vmware-tools-distrib/
    6. Run the following command to start the installer, and follow the prompts to complete the installation:
      [root@localhost]# ./vmware-install.pl
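
To see how far the clock has drifted before forcing an update with ntpdate, and to confirm the result afterwards, the offset can be read from `ntpdate -q`, which only queries and never sets the clock. The script below is an added example, not part of the original post or of Splunk Phantom. The function names, the 1-second limit, and the sample output lines (using documentation addresses in 192.0.2.0/24) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): measure clock drift from
# `ntpdate -q` output. -q only queries; it never sets the clock.

# Print the largest absolute offset, in seconds, among servers that answered.
max_abs_offset() {
    awk '
        /^server / {
            stratum = 0; have = 0
            for (i = 1; i < NF; i++) {
                val = $(i + 1); sub(/,$/, "", val)
                if ($i == "stratum") stratum = val + 0
                if ($i == "offset") { off = val + 0; have = 1 }
            }
            if (stratum == 0 || !have) next   # stratum 0: no reply from server
            if (off < 0) off = -off
            if (!seen || off > max) max = off
            seen = 1
        }
        END { if (seen) printf "%.6f\n", max }
    '
}

# check_drift LIMIT: 0 = within LIMIT seconds, 1 = drifted, 2 = no NTP answer.
# LIMIT is an assumed threshold chosen by the operator.
check_drift() {
    limit=$1
    worst=$(max_abs_offset)
    if [ -z "$worst" ]; then
        echo "UNKNOWN: no NTP server answered"; return 2
    fi
    if awk -v w="$worst" -v l="$limit" 'BEGIN { exit !(w + 0 > l + 0) }'; then
        echo "DRIFT: clock is off by ${worst}s (limit ${limit}s)"; return 1
    fi
    echo "OK: offset ${worst}s is within ${limit}s"
}

# Constructed sample output: a VM just reverted to an older snapshot.
SAMPLE_REVERTED='server 192.0.2.10, stratum 2, offset 5412.337114, delay 0.04512
server 192.0.2.11, stratum 0, offset 0.000000, delay 0.00000
server 192.0.2.12, stratum 3, offset 5412.340902, delay 0.05127'
# Constructed sample output: the same VM after the clock was corrected.
SAMPLE_SYNCED='server 192.0.2.10, stratum 2, offset -0.003021, delay 0.04512'

printf '%s\n' "$SAMPLE_REVERTED" | check_drift 1 || true
printf '%s\n' "$SAMPLE_SYNCED" | check_drift 1 || true
# On the appliance: ntpdate -q -u 0.centos.pool.ntp.org | check_drift 1
```

A return status of 2 means that no server answered, so it is not a confirmation that the clock is correct.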