Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk SDK search with aggregates returns zeros for aggregate values.

cwilen
Engager
‎04-15-2013 08:13 AM

I'm trying to export data from Splunk using the Java SDK. The search I'm using includes aggregate functions avg, min and max. The search works fine in Splunk Search web app but when exporting via SDK the aggregate values return zeros. A count value does return data as well as the time field. I've exported the values as JSON, XML and CSV and all return values in the raw output stream. Is this an issue with the aggregates values being decimals? Are they handled differently?

Tags (2)
Reply

Neeraj_Luthra
Splunk Employee
Splunk Employee
‎05-01-2013 09:12 AM

The search query string, when used from Java SDK needs to have special characters like backslash (\) properly escaped. After working more with @cwilen we learnt that lack of escaping these characters was causing this problem.

Lesson learned: The search query string that works in Splunk UI may not work as-is from the SDK if it has special characters that need escaping.

0 Karma
Reply

Neeraj_Luthra
Splunk Employee
Splunk Employee
‎04-17-2013 07:19 AM

I believe we are helping you through the support case. We will update this post once we are able to resolve your issue with the findings from that case.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...