AppD Archive
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Buggy Event Search

CommunityUser
Splunk Employee
Splunk Employee
‎03-31-2015 06:28 AM

Hi,

it seems the event search is buggy and delivers inconsistent result.

For example: 

I am searching for events on 03/26/15 between 1pm and 8pm, I get 22 events.

When I am searching for events on 03/26/15 between 12pm and 8pm, I get 6 events.

When I am searching for events on the whole day I got not results at all! (appendix)

How is this possible? The larger timerange should contain at least so many events as the smaller timerage.

Is there another way to search event.

Regards,

Thomas

Preview file
3 KB
Preview file
3 KB
Preview file
3 KB
0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-01-2015 06:37 AM

Hi Thomas,

I have checked similar case in local and could not reproduce the issue as referred in below screenshots, can you check the filters section in middle panel and see how it goes with no filters selected once?

image.png

image.png

image.png

Regards,

Arun

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-02-2015 02:31 AM

With no filter selected I got results for the whole day (but there to many result to check, way more than 10k).

As soon as I set a filter to "Application Change" and "Discovery" I got the problem I discribes in my post.

Maybe there is a filter issue?

0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-02-2015 02:45 AM

Hi  Thomas,

Yes that is what i suspected hence i asked to check filters panel it looks the corresponding filters are not auto repfilled when time range is changed somehow in your as that is not happening in our case, Hope that clarifies.

Regards,

Arun

0 Karma
Reply

CommunityUser
Splunk Employee
Splunk Employee
‎04-02-2015 03:27 AM

So I set the timerange to one day, clear all filter (Clear Criteria) and search --> results look ok.

I just checked my filter --> no results for the timerange

Adjust the timerage to one hour --> got results!!

So from my point of view there is nothing to clearify! It just do not work!

So I have to change to see the event of these categories over a timerange of one day.

How can I see these events?

0 Karma
Reply

Arun_Dasetty
Super Champion
‎04-02-2015 08:04 AM

Hi Thomos,

You would need to select corresponding (say: agent diagnostics events) filters in "show Filters"  pane in middle panel Or select buttong "Clear criteria" which shows all events, check if that clarifies your query.

If you could not locate appropriate filters, provide screenshot with better resolution as it is not clear from initial screenshots the type of events we are referring in UI

Regards,

Arun

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...