AppD Archive
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Buggy Event Search

CommunityUser
Splunk Employee
Splunk Employee
‎03-31-2015 06:28 AM

Hi,

it seems the event search is buggy and delivers inconsistent result.

For example: 

I am searching for events on 03/26/15 between 1pm and 8pm, I get 22 events.

When I am searching for events on 03/26/15 between 12pm and 8pm, I get 6 events.

When I am searching for events on the whole day I got not results at all! (appendix)

How is this possible? The larger timerange should contain at least so many events as the smaller timerage.

Is there another way to search event.

Regards,

Thomas

Preview file
3 KB
Preview file
3 KB
Preview file
3 KB
0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-01-2015 06:37 AM

Hi Thomas,

I have checked similar case in local and could not reproduce the issue as referred in below screenshots, can you check the filters section in middle panel and see how it goes with no filters selected once?

image.png

image.png

image.png

Regards,

Arun

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-02-2015 02:31 AM

With no filter selected I got results for the whole day (but there to many result to check, way more than 10k).

As soon as I set a filter to "Application Change" and "Discovery" I got the problem I discribes in my post.

Maybe there is a filter issue?

0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-02-2015 02:45 AM

Hi  Thomas,

Yes that is what i suspected hence i asked to check filters panel it looks the corresponding filters are not auto repfilled when time range is changed somehow in your as that is not happening in our case, Hope that clarifies.

Regards,

Arun

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-02-2015 03:27 AM

So I set the timerange to one day, clear all filter (Clear Criteria) and search --> results look ok.

I just checked my filter --> no results for the timerange

Adjust the timerage to one hour --> got results!!

So from my point of view there is nothing to clearify! It just do not work!

So I have to change to see the event of these categories over a timerange of one day.

How can I see these events?

0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-02-2015 08:04 AM

Hi Thomos,

You would need to select corresponding (say: agent diagnostics events) filters in "show Filters"  pane in middle panel Or select buttong "Clear criteria" which shows all events, check if that clarifies your query.

If you could not locate appropriate filters, provide screenshot with better resolution as it is not clear from initial screenshots the type of events we are referring in UI

Regards,

Arun

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...