Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Missing seconds in Realtime query with 10ms span on python-sdk

timoti
Explorer
‎11-25-2020 02:07 AM

Hi, i'm trying to get Splunk realtime results using splunk's python-sdk.

Everything works well, but in the results, there is a missing second : I don't know whether there is a limitation or if I missed a parameter in the query? This is really embarrassing.

Here's my python code :

Capture d’écran 2020-11-25 à 10.49.12.pngCapture d’écran 2020-11-25 à 10.48.59.png

And here are the results:

As you can see, the entire second :  '2020-11-25T10:42:26' is missing, and will never appear in the results. Do you have any idea where this might come from?

Capture d’écran 2020-11-25 à 10.45.43.png

 

I even tried to "manually" create a timechart using ' search index=_internal bin _time span=10ms | chart count by _time'; and this this case, there is a missing millisecond (not second ).

There is a missing second every 5-10 results

I can't figure out why this is not working properly.

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...