I am new to Splunk. I have a problem. In my project, we are extracting csv files from database with the help of hive queries and pushing that csv to Splunk.
I have done some data ingestion which is correct as per my understanding.
Also i am getting one Error "SemanticException Column iss_id Found in more than One Tables/Subqueries" for "/opt/splunk/etc/apps/search/bin/sendemail.py".
Generally in Splunk our reports data matches with the database. But all of sudden, we are getting higher volumes than our database.
Can you pls help me to find out why this is happening? Is this due to above integrity error? If not what are the pointers i need to check.