Question & Answer
Question
When comparing the Log Activity versus the Reports, why are there inconsistencies in the time stamps of the results?
Cause
If a managed host is located in a different time zone, then the timestamps from events and flows may differ from those in the time zone of the Console.
Answer
QRadar can produce seemingly inconsistent and incorrect results when comparing the Log Activity versus the Reports if the Console and managed hosts are in different time zones. Furthermore, even if they are all in the same time zone, results can be misleading if the time zone in which the report is generated is different from the time zone that the Console and managed hosts are in.
Under certain circumstances, this can result in reports returning what appears to be 48 hours of data for a daily report. It is strongly recommended that the Console and all managed hosts be in the same time zone, or that the Console and all managed hosts be set to GMT, to obtain results that are easily interpreted.
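The following is an added illustration, not IBM code and not a description of QRadar's internal logic. It shows the general effect behind the "48 hours" symptom: a 24-hour daily window computed in one time zone lands on two calendar dates when its timestamps are rendered in another. The offsets, the sample date and all function names are constructed for the example.

```python
from datetime import date, datetime, time, timedelta, timezone

# Constructed fixed offsets standing in for the Console and a managed host.
CONSOLE_TZ = timezone(timedelta(hours=-5), "Console UTC-5")
HOST_TZ = timezone(timedelta(hours=9), "Host UTC+9")
SAMPLE_DAY = date(2024, 3, 10)  # constructed sample date


def daily_window(day, tz):
    """Return the [start, end) of calendar day `day` in `tz`, as UTC instants."""
    start = datetime.combine(day, time.min, tzinfo=tz)
    end = start + timedelta(days=1)
    return start.astimezone(timezone.utc), end.astimezone(timezone.utc)


def hourly_events(start_utc, end_utc):
    """Constructed sample data: one event per hour inside the window."""
    events, t = [], start_utc
    while t < end_utc:
        events.append(t)
        t += timedelta(hours=1)
    return events


def local_dates(events_utc, tz):
    """Calendar dates the events appear under when rendered in `tz`."""
    return sorted({e.astimezone(tz).date() for e in events_utc})


def apparent_hours(events_utc, tz):
    """Hours a reader infers if every calendar date shown is read as a full day."""
    return 24 * len(local_dates(events_utc, tz))


if __name__ == "__main__":
    # Mismatched zones: the window is built in the Console zone, read in others.
    events = hourly_events(*daily_window(SAMPLE_DAY, CONSOLE_TZ))
    for name, tz in (("console", CONSOLE_TZ), ("host", HOST_TZ)):
        print(name, [str(d) for d in local_dates(events, tz)],
              apparent_hours(events, tz))
    # Everything on GMT: the window and the rendering agree on one date.
    aligned = hourly_events(*daily_window(SAMPLE_DAY, timezone.utc))
    print("all GMT", [str(d) for d in local_dates(aligned, timezone.utc)],
          apparent_hours(aligned, timezone.utc))
```

The underlying data is 24 hourly events in every case; only the zone used to render the timestamps changes how many calendar dates they appear to cover.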
Where do you find more information?
Document Information
Modified date:
25 June 2018
UID
swg21995059