Splunk SOAR

Keeping accurate time on your Splunk Phantom virtual machine

kevinh_splunk
Splunk Employee
In some cases, the Splunk Phantom virtual appliance can lose its time synchronization with the system time. For example, some virtual machine management functions can revert the Splunk Phantom virtual appliance to an older snapshot that is still running, which pauses the virtual appliance and causes it to lose synchronization with the system time.

You can use any of the strategies on this page to work around this issue.

Install VMware Tools on the virtual appliance

You can install the VMware Tools configuration utility on the virtual appliance and synchronize it with the ESX host. In this scenario, the time is automatically synchronized whenever the host is resumed or reverted.

Manually update the time on the host

You can use the ntpdate command to force the date to be updated. Access the command line of the virtual appliance as root, then run the ntpdate command. For example:

ntpdate -v -u 0.centos.pool.ntp.org

Replace the NTP host or pool as desired.
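
To see how far the clock has drifted before or after forcing an update, ntpdate can be run in query-only mode (-q), which reports offsets without setting the clock. The script below is an added example, not part of the original article: the function names, the threshold values and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clock drift from `ntpdate -q` output (query only, clock is not set).
# Function names and thresholds are hypothetical; the sample below is constructed.

# Constructed sample of `ntpdate -q` output (documentation-range addresses).
SAMPLE_OUTPUT='server 192.0.2.10, stratum 2, offset -42.318112, delay 0.04512
server 192.0.2.11, stratum 2, offset -42.317490, delay 0.05183
server 192.0.2.12, stratum 0, offset 0.000000, delay 0.00000
12 Sep 10:15:02 ntpdate[2211]: step time server 192.0.2.10 offset -42.318112 sec'

# max_abs_offset: read `ntpdate -q` output on stdin and print the largest
# absolute offset in seconds. Servers reporting stratum 0 did not answer and
# are skipped. Exits 1 if no server gave a usable answer.
max_abs_offset() {
    awk -F', ' '
        /^server / {
            split($2, s, " ")          # s[2] = stratum value
            split($3, o, " ")          # o[2] = offset in seconds
            if (s[2] + 0 == 0) next    # unreachable server, ignore
            v = o[2] + 0
            if (v < 0) v = -v
            if (v > max) max = v
            seen = 1
        }
        END { if (!seen) exit 1; printf "%.6f\n", max }'
}

# check_drift THRESHOLD_SECONDS: reads `ntpdate -q` output on stdin.
# Returns 0 if drift is within the threshold, 1 if it exceeds it,
# 2 if no NTP server answered (drift unknown).
check_drift() {
    threshold=$1
    offset=$(max_abs_offset) || return 2
    awk -v o="$offset" -v t="$threshold" 'BEGIN { exit ((o + 0 > t + 0) ? 1 : 0) }'
}

# Demo against the constructed sample. On the appliance, feed live output instead:
#   ntpdate -q 0.centos.pool.ntp.org | check_drift 1
rc=0
printf '%s\n' "$SAMPLE_OUTPUT" | check_drift 1 || rc=$?
case $rc in
    0) echo "clock within threshold" ;;
    1) echo "clock drift exceeds threshold; resynchronize" ;;
    2) echo "no NTP server answered; drift unknown" ;;
esac
```

Event and playbook timestamps recorded while the clock was off will not line up with other log sources, so note the measured offset before correcting the time.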

Install VMware Tools on your Splunk Phantom virtual machine

In VMware environments, you can install the VMware Tools configuration utility on your Splunk Phantom virtual machine. This causes the virtual machine to automatically synchronize the time with the physical host, assuming the physical host has NTP configured.

Perform the following steps:

    1. Make sure NTP is properly configured on the physical host.
    2. In the VMware management environment, install the VMware Tools configuration utility on the virtual machine. This "inserts" a CD containing VMware Tools into the virtual CD-ROM drive.
    3. Access the command line of the virtual machine as the root user.
    4. Run the following command:
      mount /dev/cdrom /mnt
    5. Untar the file from the /mnt directory into the root user's home directory:
      [root@localhost]# cd ~
      [root@localhost]# tar -xvf /mnt/VMwareTools-9.4.5-1598834.tar.gz
      [root@localhost]# cd vmware-tools-distrib/
    6. Run the following command to start the installer, and follow the prompts to complete the installation:
      [root@localhost]# ./vmware-install.pl