Time Offset on Splunk Servers

This Splunk Query shows if there is a time offset on your Splunk servers. I borrowed and modified this one from the splunk clock skew search posted on www.bbosearch.com (another pretty awesome site like this one!).  My version strips the unnecessary and renames some fields, but feel free to do what you want with it:

| rest /services/server/info | eval updated_t=round(strptime(updated, "%Y-%m-%dT%H:%M:%S%z"), 2) | eval delta=now()-updated_t | table serverName, updated, delta | convert ctime(updated_t)| rename updated as "Local Time on Server on Request" delta as "Offset - Time in Seconds"
Share This:

Leave A Comment?