All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

S.o.S. Errors view no longer showing event counts for clustered events

paulstark
Path Finder
‎05-07-2014 04:32 PM

Ive seen this behavior in many deployments. In the Splunk on Splunk errors page, I select 'Group Similar Events' and the cluster_count does not show up. why?

Reply

Ellen
Splunk Employee
Splunk Employee
‎09-09-2014 11:19 PM

Since 6.0.3, the cluster search command no longer returns the cluster_count by default.

eg. showcount = false

Prior to 6.0.3, the default of showcount = true

Since displaying the count could have a performance impact, from 6.0.3+ a user can pass showcount = true to the cluster command to return the cluster_count.

eg. index=_internal | cluster showcount=true | table cluster_count, _raw

SPL-83560 updates the documentation for the cluster command default showcount option

0 Karma
Reply

hexx
Splunk Employee
Splunk Employee
‎05-07-2014 11:50 PM

This is caused by a bug with Splunk Enterprise (reference: SPL-83560) which will be fixed in a future maintenance release.

Reply

hexx
Splunk Employee
Splunk Employee
‎05-27-2014 09:39 AM

Yes, the issue is indeed with the "cluster" command.

Reply

thisissplunk
Builder
‎05-27-2014 09:37 AM

Does this also explain why the cluster_count field added to events by the cluster commmand aren't showing up anymore as well? Only cluster_label is showing up now for me.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...