Search Help

mkhatri · ‎07-12-2021

Hello , I am trying to get the sales report for 3 months but the search results only gives the result for last 15 days. Results before 15 days are all zeros. the job notification shows :

[pdx-nav-non-prod-splunk-idx-240-132] Your search has been restricted to a time span of 1296000 seconds. i.e. 15 days.

So my question is how can i get the full report for 3 months or how can i increase the time span of a search .

mkhatri · ‎07-12-2021

Yes .Maybe that's why i didn't have index on my splunk settings. Thank you @michel_wolf .

gcusello · ‎07-12-2021

Hi @mkhatri,

what's the retention of the index containing those data?

maybe you have on that index a retention of 15 days.

In addition, could you share the search you're using?

Ciao.

Giuseppe

mkhatri · ‎07-12-2021

Hii , i am not able to see the index on my splunk settings. The search i am using is :

index=nav_app_message_gateway event=sentMessageTo* status=200 | timechart count by templateId

michel_wolf · ‎07-12-2021

Hi,

I think you need to ask your splunk admin, maybe you have some role restrictions here like:

Search Help

search job inspector

timechart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms