Missing seconds in Realtime query with 10ms span o...

Splunk Search

Hi, i'm trying to get Splunk realtime results using splunk's python-sdk.

Everything works well, but in the results, there is a missing second : I don't know whether there is a limitation or if I missed a parameter in the query? This is really embarrassing.

Here's my python code :

And here are the results:

As you can see, the entire second : '2020-11-25T10:42:26' is missing, and will never appear in the results. Do you have any idea where this might come from?

I even tried to "manually" create a timechart using ' search index=_internal bin _time span=10ms | chart count by _time'; and this this case, there is a missing millisecond (not second ).

There is a missing second every 5-10 results

I can't figure out why this is not working properly.

Get Updates on the Splunk Community!

Missing seconds in Realtime query with 10ms span on python-sdk

timechart

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation