My search returns results when run in an app's sea...

Steave4app · ‎12-15-2016

Hi Guys,

I am not getting any result from the main search bar with the search below. Even though the same query is working in the App search bar.

index=protect "File Status"=unsafe user="*" "File Name"="*" | dedup "DeviceName", SHA256, "File Path", "File Name" | stats count by "Classification", "File Status", "DeviceName", "File Name" | addtotals fieldname=sum | sort -count | head 10

I checked with the below searches too.

index=main "File Status"=unsafe user="*" "File Name"="*" | dedup "DeviceName", SHA256, "File Path", "File Name" | stats count by "Classification", "File Status", "DeviceName", "File Name" | addtotals fieldname=sum | sort -count | head 10

and

index=*  "File Status"=unsafe user="*" "File Name"="*" | dedup "DeviceName", SHA256, "File Path", "File Name" | stats count by "Classification", "File Status", "DeviceName", "File Name" | addtotals fieldname=sum | sort -count | head 10

Can someone help me out on this or tell me why the result is not populating?

dmaislin_splunk · ‎12-15-2016

Have you checked to see if the app permissions or the extracted fields are set to global?

Steave4app · ‎12-15-2016

Hi

I have checked that its not global. Its based on app only. How do I change to global as I have not got that option yet. Can you please guide me?

My search returns results when run in an app's search bar, but why are there no results when run in the Search & Reporting app?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor