Solved: "Latest Event" on main search dashboard 12 hours a...

mmletzko · ‎06-24-2011

I have a Prod and QA instance of Splunk with 2 forwarders. Prod is v4.1.4, QA is v4.2.2. Both of them show a "latest event" on the home search screen 12 hours ahead of current time. Does anyone know where this would be coming from? The date/time on both indexers and 2 forwarders is fine.

Greg_LeBlanc · ‎06-24-2011

Where are you getting your information from? If you're getting your information from external sources, I would check those times.

Or you could try searching for that record +12 hours ahead (using custom time) to see where the record is coming from.

View solution in original post

Greg_LeBlanc · ‎06-24-2011

Where are you getting your information from? If you're getting your information from external sources, I would check those times.

Or you could try searching for that record +12 hours ahead (using custom time) to see where the record is coming from.

mmletzko · ‎06-24-2011

Thanks Greg - that did the trick. Not sure why I didn't think of just using the future custom time.

"Latest Event" on main search dashboard 12 hours ahead?

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!