Why is the Splunk REST API result not returning the aggregated field?
search index=abc dp_"response"| stats perc95(api_time_taken) as abc by api
This is the search query I am using while invoking through the Splunk REST API.
In the result, I am not getting the abc field; only the API values are listed. Is there anything specific I need to do to include perc95, avg or max values in the result?
From the UI, it works completely fine, where it shows the abc column with the 95th percentile value.
If someone can guide me, it would be really helpful.
Thanks,
Santosh
Hi @santoshbwn, any update on your issue?
Hi, any update on your issue? I'm facing a similar problem when reading from the Splunk REST API via ADF using
| eval compliant=if(Days<60, "Yes", "No")]
| chart count(host) by system compliant | addtotals | eval No=round((100*No/Total),2) | eval Yes=round((100*Yes/Total),2) | fields – Total Yes No
I see the correct result via the UI but only the summary in the ADF result.
