Re: Search in datamodel

vumanhtai · ‎06-30-2020

Hi Splunk team

The image below is information about my datamodel.
Summary Range 31622400 second (s)
But why do I search for a period of May, the result returns 0 events?

How can i fix it?

Thank all!

anilchaithu · ‎06-30-2020

@vumanhtai

Couple of Q's

whats your SPL command to search the datamodel?

Are you using summariesonly=t in the tstats?

Does the source index has the data for mentioned time period?

The datamodel Status is 92.33% means its not yet completed building the summaries. If you are using summariesonly=t, try removing that attribute and see if it returns all the data.

vumanhtai · ‎06-30-2020

Hi anilchaithu

my search : | tstats count from datamodel=pan_firewall

source index has the data for mentioned time period.

i don't use summariesonly=t in search

Thanks!

Search in datamodel

troubleshooting

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation