Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

outputlookup command doesnt send all the results of the query to the kvstore.

vn_g
Path Finder
‎04-10-2020 04:21 AM

Running the search query - returns 18 results in Statatics tab.
Running the search query with outputlookup command - returns 18 results in Statatics tab.
But when trying to query using inputlookup - returns 15 results in Statatics tab.

What could be the reason?

alt text

Labels (2)
Labels
Preview file
78 KB
Preview file
71 KB
0 Karma
Reply

DalJeanis
Legend
‎04-10-2020 12:57 PM

Shot in the dark. Check your query for duplicate results on anything that might be a key.

If that's not it, then please show the actual results, or a dummy version of what you see, so we can look further.

0 Karma
Reply

vn_g
Path Finder
‎04-13-2020 12:29 AM

Updated the screenshots for sample data. Their are other fields , which doesnt have the same value for every record.

inputlookup - RecordNo missing "5e940a21a0c53f0837420063"
outputlookup - xtime missing "2020-04-08T00:12:00.809"

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...