Solved: Inconsistent search result

PeterEccles · ‎12-23-2020

I have been using the range picker for a long time to run a search against data ingested the previous day. I normally use the Date Range picker and select the date between yesterday’s date 00:00 and yesterday’s date 24:00. This has worked fine for me. I was told that I can just use the "Yesterday" preset (or add earliest=-d@d latest=@d to the query). I know its obvious, but I missed it.

I get different results if I use the preset "Yesterday" against what I have been doing with the date picker. This is not a minor difference.

Can anyone think why this might be happening?

Thank you!

PeterEccles · ‎12-24-2020

Please ignore this. I made a mistake 😞

View solution in original post

annbrown · ‎12-24-2020

It's okay, it happens. Meanwhile, I would like to say that I'm a dissertation literature review writer.

PeterEccles · ‎12-24-2020

Please ignore this. I made a mistake 😞

to4kawa · ‎12-23-2020

My sample query's result is following(Today is 12/24):

yesterday: 57,233 events (12/22/20 12:00:00.000 AM to 12/23/20 12:00:00.000 AM) 12/23 00:00:00~24:00:00:123,998 events (12/23/20 12:00:00.000 AM to 12/24/20 12:00:00.000 AM)

I think @d is not the intended date.

PeterEccles · ‎12-24-2020

-d@d is 100% coming back with the correct date (yesterday) it just not the same number of results as when I pick the date from the ranger picker.

Inconsistent search result

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Inconsistent search result

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!