Re: Why do the results exported to CSV not match t...

lohitkidu · ‎02-18-2016

Hi ,

I have a search without any statistic/transformation command like index=abc earliest=-7d. I am getting following information on events:
1. Total Events:689 (in timeline and eventCount in Job Inspector)
2. Events in "Events Section": If I navigate through all pages then there are total of 657 events and eventAvailableCount in Job Inspector.
3. If I export results to CSV then there are only 650 rows.

I get that if I do not use statistic/transformation command, then difference in point 1 and point 2 is valid. But the field in eventAvailableCount in the Job inspector shows the events available for export which should be 657. However, when I export results to CSV, only 650 rows are exporting?

Any idea why is this happening?

javiergn · ‎02-18-2016

If you run the same search but specifying an end time, such as:

index=abc earliest=-7d latest=-1h@h

Does it still happen?

lohitkidu · ‎02-18-2016

Yes it is still happening. after adding latest=-1h@h to the search i got the following
1. events on Timeline: 422
2. Events on "Events Section" : 384
3. CSV results: 387

Why do the results exported to CSV not match total number of events?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor