Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Blank Character in string

rafamss
Contributor
‎02-18-2015 08:03 AM

Hi,

I have a index configured to get data from a database MSSQL. Well, The data are be obtained with sucess but one column have a string with various blank spaces inside her. When I do my query in Splunk, I don't see the complete string.

Example of content of the String Field: Error in the database. Contact the admin.

I see in Splunk the content of column, in Search , but I don't can find the content by query like a parameter by example.

Example:

index="my index" StringField="Error in the database. Contact the admin."

The result of this query don't return anything. But there are data with this parameter in index.

What I can do ?

Thanks an advance,

RM

0 Karma
Reply

rafamss
Contributor
‎02-19-2015 02:32 AM

Hi Hiroshi,

Interesting! But in my Search query, it isn't works. See the images below.

In the first image, the search query return my search; In the second image, the left side panel don't shows my search query and in the third image, the search query, I aggregates the search query using the stats command, but in the panel Statistics, doens't show this.

What do you think ?

Image 1
alt text

Image 2
alt text

Preview file
125 KB
Preview file
207 KB
0 Karma
Reply

rafamss
Contributor
‎02-19-2015 02:34 AM

I can't insert the third image, sorry.

0 Karma
Reply

HiroshiSatoh
Champion
‎02-19-2015 04:05 AM

I think that it has failed to field extraction. I think that it needs re-definition of the field.

0 Karma
Reply

rafamss
Contributor
‎02-19-2015 04:51 AM

I think too. I'll verify this and return. Tks!

0 Karma
Reply

HiroshiSatoh
Champion
‎02-19-2015 12:04 AM

I can search so, cause you can not find it I think is in the other.

alt text

Preview file
17 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...