Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

eventtype with Russian text causes "| stats count by tag" to return no results

mgaraventa_splu
Splunk Employee
Splunk Employee
‎07-25-2014 04:06 AM

If I run the search:

tag=S100 | stats count

it returns the correct results. So the tag can be searched, but there is no tag field in the fields list. If instead you run this search:

tag=S100 | stats count by tag

it doesn't return any result. I could reproduce the issue both on Splunk 6.1.1 and 6.0. After replacing the Russian text in Message="" in the eventtype definition in eventtypes.conf with any English text, it started to work as expected.

Could you please tell me if this is a bug and how this can be workarounded?

Thanks in advance.

Reply
1 Solution
Solved! Jump to solution
Solution

mgaraventa_splu
Splunk Employee
Splunk Employee
‎07-25-2014 04:09 AM

Yes, there is an open bug for it, currently under analysis, but unfortunately not fixed yet. As soon as there are more details about it, I will update it here.

As a workaround, if your eventtypes.conf looks like this:

[test]
search = sourcetype=testST Message="Русский текст"

you could try to look up the field as explained here:

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchTutorial/Usefieldlookups

Hope this helps.

View solution in original post

Reply
Solved! Jump to solution
Solution

mgaraventa_splu
Splunk Employee
Splunk Employee
‎07-25-2014 04:09 AM

Yes, there is an open bug for it, currently under analysis, but unfortunately not fixed yet. As soon as there are more details about it, I will update it here.

As a workaround, if your eventtypes.conf looks like this:

[test]
search = sourcetype=testST Message="Русский текст"

you could try to look up the field as explained here:

http://docs.splunk.com/Documentation/Splunk/6.1.1/SearchTutorial/Usefieldlookups

Hope this helps.

Reply
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...