Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Different Results From Same Query

jack_sumatra
Explorer
‎02-23-2021 10:35 PM

I have question.

 

Can anyone explain why same search query given different results in different time range?

This is time range between 2021-02-24, hour 08:00:00 to 10:59:59

image_2021-02-24_133247.png

 

This is time range between 2021-02-24, hour 09:00:00 to 09:59:59

image_2021-02-24_133355.png

 

Why the result on hour 09:00:00 different, one show 81 and the other one 387.

 

Thank you

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-23-2021 11:36 PM

Hi @jack_sumatra,

Have you the same events in both the time periods?

probably you have different events in the second one so you have a different result, it isn't a strange behaviour. 

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-23-2021 11:36 PM

Hi @jack_sumatra,

Have you the same events in both the time periods?

probably you have different events in the second one so you have a different result, it isn't a strange behaviour. 

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-13-2021 02:49 AM

Hi @jack_sumatra,

good for you, see next time!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...