Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Stats Results After Upgrade

dpwtheitguy
Loves-to-Learn Lots
‎07-30-2021 02:28 PM

All,

Just upgraded to 8.2.1 last night and noticed something today with stats.

# This search returns 160k+ events
index=netfw
162276

# This returns a 0 in Smart mode, this search returned data in 8.1.x how ever no data in 8.2.1
index=netfw | stats count
0

# Same search in Verbose mode however returns the count
index=netfw | stats count
162276

Shouldn't Smart mode have returned the count correctly also? It did work that way in 8.1

Labels (1)
Labels
0 Karma
Reply

vivekarora
Engager
‎07-30-2021 10:21 PM

Yes, It should return the same result in both smart and verbose mode.

I am also using Splunk 8.2.1

Attaching the screenshot for your reference.

I am using index=snow, its returing 99 events.

vivekarora_0-1627708660914.png

 

When I am using stats command, index=snow|stats count in verbose mode, its showing same 99 events

vivekarora_1-1627708751298.png

If I am using same stats command in smart mode, its showing same result

index=snow | stats count

 

vivekarora_2-1627708840996.png

 

Hence, the output of stats command in smart and verbose mode in splunk 8.2.1 is same.

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...