Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Out of 3 clusters why are 2 showing similar results and the third is missing results?

narenpalepu
New Member
‎09-20-2017 10:29 AM

Hi ,
Rest API Splunk query results difference

We have a query running with JDK REST API. We have 3 spunk clusters. The result on 2 clusters is showing full results. where as one cluster is showing only 10 results. The configuration files look same. Is there any parameter I need to adjust to give complete results.

Thanks,

NP

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎09-20-2017 01:58 PM

@narenpalupu - You have indicated that your issue is resolved. We've moved the questions and answers together to thread them as comments and replies. This makes the discussion easier to read.

Please accept the answer in order to mark the question as closed.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:16 AM

Three clusters do not share same data but they have similar data with similar no of results.

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 11:36 AM

Does your API user have the same permissions on all the clusters?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 01:08 PM

Good Question. That helps. I started managing spunk couple of weeks ago. The user roles are same. But one cluster has new index which is missing in search default. other 2 has data in main index. That clarifies. Please mark the issue, resolved.

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:15 AM

Yes . Thanks for asking. From GUI we get complete results on all three clusters. From API 2 clusters shows similar to GUI results. One Cluster shows only 10.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...