Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Out of 3 clusters why are 2 showing similar results and the third is missing results?

narenpalepu
New Member
‎09-20-2017 10:29 AM

Hi ,
Rest API Splunk query results difference

We have a query running with JDK REST API. We have 3 spunk clusters. The result on 2 clusters is showing full results. where as one cluster is showing only 10 results. The configuration files look same. Is there any parameter I need to adjust to give complete results.

Thanks,

NP

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎09-20-2017 01:58 PM

@narenpalupu - You have indicated that your issue is resolved. We've moved the questions and answers together to thread them as comments and replies. This makes the discussion easier to read.

Please accept the answer in order to mark the question as closed.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:16 AM

Three clusters do not share same data but they have similar data with similar no of results.

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 11:36 AM

Does your API user have the same permissions on all the clusters?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 01:08 PM

Good Question. That helps. I started managing spunk couple of weeks ago. The user roles are same. But one cluster has new index which is missing in search default. other 2 has data in main index. That clarifies. Please mark the issue, resolved.

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:15 AM

Yes . Thanks for asking. From GUI we get complete results on all three clusters. From API 2 clusters shows similar to GUI results. One Cluster shows only 10.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...