Re: Not showing csv data

dsiob · ‎06-14-2017

hi,
I uploaded csv file having a date field. This field has current week dates as well as future week dates.
CSV got uploaded successfully without any warning, but while searching on the csv it shows '0 events before 6/14/2017 8:51:00AM'. '6/14/2017 8:51:00AM' is current time.
I alreadyset MAX_DAYS_HENCE=30 in props.config

While uploading

On searching

woodcock · ‎06-14-2017

You can do a search for All timeor, as @BlueSocket said, use latest=+30d or similar.

BlueSocket · ‎06-14-2017

I see what is going wrong - you have given the data in the future and so the data is indexed in the future. However, the search is by default in the past. Have you tried using the search:

source="New_Excel_B.csv" host="397AD-1A210036" sourcetype="csv" latest=+30d

dsiob · ‎06-14-2017

now the result is "0 events (before 7/15/17 12:01:38.000 AM)"

BlueSocket · ‎06-22-2017

I just had a thought., What happens when you do the following query?

sourcetype="csv" earliest=-10y latest=+10y

Do you get anything then?

dsiob · ‎06-14-2017

One thing I noticed that it is showing count as '1' in Data Summary for 'New_Excel_B.csv' but while uploading it displayed all events the csv has. !!!

Not showing csv data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Casting Call: Compete in Cyber Games

Announcing Modern Navigation: A New Era of Splunk User Experience

How Edge Processor's Durable Queue Works

Join the Conversation