This section provides answers to frequently asked questions (FAQs) about the TrueSight IT Data Analytics product:
This problem could be caused by an issue with the time-clock synchronization of the various hosts in your environment. This issue could also occur if the time clock of the target host from which you want to collect data and the time clock of the IT Data Analytics server are not synchronized. Furthermore, it might happen if, when you created the data collector, the time zone selected was incorrect, in which case the data is indexed for an incorrect time.
Ensure that all hosts in your environment have their system clocks synchronized so that their time zones are properly set. Also ensure that the time zone is correctly set when you create a data collector.
A single data collector can connect with a single ProactiveNet cell at one time.
The time lag between the data generated in the logs and the notification may vary from 1 minute up to the data collector poll interval. The time lag depends on multiple factors:
The time lag between the data generated in the logs and the notification may vary from two minutes up to the notification execution duration.
The time lag depends on multiple factors:
When the Collection Agents are restarted, they start reading the data from the time they are restarted, and they ignore old data. Data that occurs between the time when the Collection Agent was stopped and the time when the Collection Agent was started is ignored.
If the data that you are collecting has a time stamp that is more than 24 hours in the future, that data is not indexed. Therefore, you must ensure that the time settings on the target hosts and the collection hosts are correct and are synchronized. You must also specify the correct time zone when you create the data collector.
If your data file does not have any reference to the year in the time stamp (in syslog files, for example), and at the time of indexing the product detects that the time when the data occurred is ahead of the current time, the product assumes that this data has occurred in the previous year. Such an occurrence might happen if the target host and collection host time settings are not synchronized. Based on the maximum data retention period (set in days), such data might not be indexed.
If the product server's date and time are set to June 10, 2014, 2:45 A.M., and the events received have a date and time stamp of July 10, 3:45 A.M., the product assumes that the year when the data occurred is 2013 (the previous year). Now, if the data-retention period in the product is set to 15 days, this data is not indexed, because the time at which the data occurred lies outside the maximum data-retention period.