Archive

What's the difference between search&reporting app and quality monitoring app

happybotter
New Member

The search statement like the following:

host = "*****" | rex field=data.textPyaload "time_ms=(?[\s]+)" | timechart span=1m avg(time_ms)

I can get the statistics in search&reporting app, but in quality monitoring app, there are no results. Is there any limit in quality monitoring app that I can't execute rex command?

Tags (1)
0 Karma

adonio
SplunkTrust
SplunkTrust

what is the "quality monitoring app"?
my thoughts here are that the field extractions for the fields are on app level and therefore you cant see them in your "quality monitoring app"
try and run this from "quality monitring app" ... host=* | fields = data.textPyaload and verify its extracted correctly

0 Karma

happybotter
New Member

Thank you adonio.
There are many different apps in Splunk enterprise, Quality Monitoring is just one of them. I just use Search&Reporting and Quality Monitoring these two apps.
The problem is that I use the same search statement in these two apps, In Search&Reporting, when I run the search, I can get events and statistics, that's what I want. But in Quality Monitoring, I can get events and it's same as Search&Reporting, but can't get statistics.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The problem is not with the rex command, which is available to all apps. You are probably using some knowledge object which is part of the Search & Reporting app and is shared only for app (not global) access. Check the permissions settings on the objects you may have created.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

happybotter
New Member

Thank you richgalloway,
I guess there is something wrong with permission, because after run the search statement, the events are same in Search&Reporting and Quality Monitoring app, the difference is we can extract value from log in Search&Reporting app, while can't in Quality Monitoring app.
As you said, Check the permissions settings on the objects you may have created. What's your mean of objects.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Knowledge objects are things like eventtypes, tags, field extractions, etc.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!