Splunk Search

Contingency: no results found

arpoador
New Member

I have two fields: EventCode (66 distinct values) and date_mday (28 distinct values)

But when I run:

' * | contingency EventCode date_mday '

On over 1.2M events I get no results. What am I doing wrong?
Thanks

Also, suggestion: If a field is mistyped, show it in red if it doesn't exist.

Tags (1)
0 Karma

arpoador
New Member

I used * just to make sure I was looking at the entire event set in case I was missing something. When I changed contingency to ctable (and changed nothing else), I get the table I expected. Interesting. Thanks for your reply.

0 Karma

loatswil
Path Finder

If those are indeed valid fields in the search, I'd look at the time frame. Make sure those events did occur during the selected time frame.

0 Karma

somesoni2
Revered Legend

Could you try to give proper index/sourcetype name instead of using *??

0 Karma
Get Updates on the Splunk Community!

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...