Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why do the results exported to CSV not match total number of events?

lohitkidu
Path Finder
‎02-18-2016 06:05 AM

Hi ,

I have a search without any statistic/transformation command like index=abc earliest=-7d. I am getting following information on events:
1. Total Events:689 (in timeline and eventCount in Job Inspector)
2. Events in "Events Section": If I navigate through all pages then there are total of 657 events and eventAvailableCount in Job Inspector.
3. If I export results to CSV then there are only 650 rows.

I get that if I do not use statistic/transformation command, then difference in point 1 and point 2 is valid. But the field in eventAvailableCount in the Job inspector shows the events available for export which should be 657. However, when I export results to CSV, only 650 rows are exporting?

Any idea why is this happening?

0 Karma
Reply

javiergn
SplunkTrust
SplunkTrust
‎02-18-2016 06:49 AM

If you run the same search but specifying an end time, such as:

index=abc earliest=-7d latest=-1h@h

Does it still happen?

0 Karma
Reply

lohitkidu
Path Finder
‎02-18-2016 07:33 AM

Yes it is still happening. after adding latest=-1h@h to the search i got the following
1. events on Timeline: 422
2. Events on "Events Section" : 384
3. CSV results: 387

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...