My tstats isn't returning results from the other d...

ebs · ‎08-08-2021

Hi,

I have several datasets that have the exact same format with only the source of the data differing. I've duplicated my macros from the dev environment to the test but I'm receiving no results for the test macro, despite when I do the tstats search as a datamodel instead I get results.

Here is the dev search:
tstats summariesonly=true count("dev_metric.exchangeId") as avg_TPS from datamodel=metric by _time, dev_metric.date span=1s
| search "dev_metric.date"=$date$
| stats avg(avg_TPS) as averageTps by dev_metric.date
| eval averageTps=round(averageTps/1000,3)
| appendpipe [tstats count
| where count=0]
| fillnull value=0.000 averageTps
| fields averageTps

Here is the test search:
tstats summariesonly=true count("test_metric.exchangeId") as avg_TPS from datamodel=metric by _time, test_metric.date span=1s
| search "test_metric.date"=$date$
| stats avg(avg_TPS) as averageTps by metric.date
| eval averageTps=round(averageTps/1000,3)
| appendpipe [tstats count
| where count=0]
| fillnull value=0.000 averageTps
| fields averageTps

I've checked the dataset and there are the needed events in there, and I've done a | datamodel search equivalent to tstats that worked fine. What could be the reason I'm receiving no results? And what could be some steps to resolve this?

richgalloway · ‎08-09-2021

Both searches look only at completed datamodel accelerations. Are both data sets accelerated? Are both accelerations completing successfully?

---
If this reply helps you, Karma would be appreciated.

My tstats isn't returning results from the other datasets

stats

tstats

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!