Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk SDK search with aggregates returns zeros for aggregate values.

cwilen
Engager
‎04-15-2013 08:13 AM

I'm trying to export data from Splunk using the Java SDK. The search I'm using includes aggregate functions avg, min and max. The search works fine in Splunk Search web app but when exporting via SDK the aggregate values return zeros. A count value does return data as well as the time field. I've exported the values as JSON, XML and CSV and all return values in the raw output stream. Is this an issue with the aggregates values being decimals? Are they handled differently?

Tags (2)
Reply

Neeraj_Luthra
Splunk Employee
Splunk Employee
‎05-01-2013 09:12 AM

The search query string, when used from Java SDK needs to have special characters like backslash (\) properly escaped. After working more with @cwilen we learnt that lack of escaping these characters was causing this problem.

Lesson learned: The search query string that works in Splunk UI may not work as-is from the SDK if it has special characters that need escaping.

0 Karma
Reply

Neeraj_Luthra
Splunk Employee
Splunk Employee
‎04-17-2013 07:19 AM

I believe we are helping you through the support case. We will update this post once we are able to resolve your issue with the findings from that case.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...