Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Out of 3 clusters why are 2 showing similar results and the third is missing results?

narenpalepu
New Member
‎09-20-2017 10:29 AM

Hi ,
Rest API Splunk query results difference

We have a query running with JDK REST API. We have 3 spunk clusters. The result on 2 clusters is showing full results. where as one cluster is showing only 10 results. The configuration files look same. Is there any parameter I need to adjust to give complete results.

Thanks,

NP

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎09-20-2017 01:58 PM

@narenpalupu - You have indicated that your issue is resolved. We've moved the questions and answers together to thread them as comments and replies. This makes the discussion easier to read.

Please accept the answer in order to mark the question as closed.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:16 AM

Three clusters do not share same data but they have similar data with similar no of results.

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 11:36 AM

Does your API user have the same permissions on all the clusters?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 01:08 PM

Good Question. That helps. I started managing spunk couple of weeks ago. The user roles are same. But one cluster has new index which is missing in search default. other 2 has data in main index. That clarifies. Please mark the issue, resolved.

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:15 AM

Yes . Thanks for asking. From GUI we get complete results on all three clusters. From API 2 clusters shows similar to GUI results. One Cluster shows only 10.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...