Splunk Search

Contingency: no results found

arpoador
New Member

I have two fields: EventCode (66 distinct values) and date_mday (28 distinct values)

But when I run:

' * | contingency EventCode date_mday '

On over 1.2M events I get no results. What am I doing wrong?
Thanks

Also, suggestion: If a field is mistyped, show it in red if it doesn't exist.

Tags (1)
0 Karma

arpoador
New Member

I used * just to make sure I was looking at the entire event set in case I was missing something. When I changed contingency to ctable (and changed nothing else), I get the table I expected. Interesting. Thanks for your reply.

0 Karma

loatswil
Path Finder

If those are indeed valid fields in the search, I'd look at the time frame. Make sure those events did occur during the selected time frame.

0 Karma

somesoni2
Revered Legend

Could you try to give proper index/sourcetype name instead of using *??

0 Karma
Get Updates on the Splunk Community!

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...