REST API JSON fields shown in search but search with stats fails

avilandau
Path Finder

I've downloaded and installed the rest-api modular input (rest_ta). I've defined in my inputs.conf the REST endpoint that I'm interested in, which returns JSON, and when I do a search and display the results in list format Splunk shows the JSON format perfectly, i.e. all JSON fields are displayed in red with full expand/collapse on any part of the JSON. I believe that this indicates Splunk recognizes it as JSON since the source type is _json and the response type is json. However, when I try to do any stats on it I get "no results found". So I tried the samples shown in the "analytics.usa.gov Recreated Using Splunk sample" and I have the same issue, i.e. when I search

sourcetype="_json" source="rest://visits by desktop mobile tablet devices over 90 days p1d"

I can see a perfect JSON breakdown, but if I add stats

sourcetype="_json" source="rest://visits by desktop mobile tablet devices over 90 days p1d" | stats latest(totals.devices.desktop)

I get no result found. I'm not sure what the issue is, since it seems that for a JSON response the default response handler is sufficient and there is no need for a special handler, and the sample above doesn't mention anything else.

0 Karma

somesoni2
Revered Legend

Since the field name has a dot (.), you should enclose it in single quotes when using it in stats/eval/where. You probably won't need spath if the fields are already appearing in the field sidebar.

sourcetype="_json" source="rest://visits by desktop mobile tablet devices over 90 days p1d" | stats latest('totals.devices.desktop')
0 Karma

avilandau
Path Finder

I just realized that adding spath solves this problem, but I'm still not sure how to break the JSON. However, that should probably be a different question.

0 Karma
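The two points raised in this thread (spath for extraction, single quotes around dotted field names), combined in one search; this is an added example, not part of any post above. The event is constructed with makeresults so the search runs without the REST input, and the numeric values and the names desktop, all_devices and desktop_pct are assumptions made for illustration.

```spl
| makeresults
| eval _raw="{\"totals\":{\"devices\":{\"desktop\":120,\"mobile\":80,\"tablet\":10}}}"
| spath
| eval desktop='totals.devices.desktop'
| eval all_devices='totals.devices.desktop' + 'totals.devices.mobile' + 'totals.devices.tablet'
| eval desktop_pct=round(desktop / all_devices * 100, 1)
| stats latest(desktop) AS desktop latest(desktop_pct) AS desktop_pct
```

Inside eval an unquoted dot is the concatenation operator, so the single quotes are what make 'totals.devices.desktop' resolve to the extracted field; copying it to a dot-free name first keeps the later stats call free of quoting concerns.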