We have a server running in Japan timezone. Recently when we did not find logs during a live testing.
Next day we ran the query to calculate delta between indextime and event time --- "eval delta=_indextime-_time"
It is showing even a negative value.
Please refer to attached screenshot. Since that is not possible in real time that an index gets created even before event occurs, is there an issue because the server is behind UTC?
2019-04-18 13:49:20.992 || 2019-04-18 14:08:13 || 1132.008
2019-04-18 12:50:37.005 || 2019-04-18 14:08:13 || 4655.995
2019-04-18 13:49:21.046 || 2019-04-18 13:49:26 || 4.954
2019-04-18 13:49:21.038 || 2019-04-18 13:49:23 || 1.962
2019-04-18 21:53:45.843 || 2019-04-18 12:53:51 || **** -32394.843 ****
2019-04-18 12:52:04.591 || 2019-04-18 12:52:05 || 0.409
↧