Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

help on a search wich returns random results

jip31
Motivator
‎10-15-2020 06:05 AM

Hello

When I run the search below, it returns random results!

Sometimes, 1 event is displayed and a few minutes after there is no events returned

And sometimes, it's the same event returned excepted the _time field of the vent which is not the same for even so the same hostname!

[| inputlookup host.csv 
    | table host 
    | rename host as USERNAME ] `wire` earliest=-30d latest=now 
| fields USERNAME SNR RSSI 
| eval USERNAME=upper(USERNAME) 
| eval time=strftime(_time,"%Y-%m-%d %H:%M") 
| search USERNAME=NTTA* 
| lookup all.csv HOSTNAME as USERNAME output SITE DESCRIPTION_MODEL BUILDING_CODE ROOM 
| stats last(time) as "Event time" last(RSSI) as RSSI, last(SNR) as SNR, last(DESCRIPTION_MODEL) as Model, last(SITE) as Site, last(BUILDING_CODE) as Building last(ROOM) as Room by USERNAME 
| where (RSSI >= "-72" AND RSSI <= "-77") AND SNR <= "15" 
| rename USERNAME as Hostname 
| table "Event time" Hostname RSSI SNR Model Site Building Room

 

How explain this please??

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

jip31
Motivator
‎10-15-2020 06:45 AM

I wonder if the issue is not in | where (RSSI >="-72" AND RSSI <="-77") AND SNR <"15" ?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...