Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Stats Results After Upgrade

dpwtheitguy
Loves-to-Learn Lots
‎07-30-2021 02:28 PM

All,

Just upgraded to 8.2.1 last night and noticed something today with stats.

# This search returns 160k+ events
index=netfw
162276

# This returns a 0 in Smart mode, this search returned data in 8.1.x how ever no data in 8.2.1
index=netfw | stats count
0

# Same search in Verbose mode however returns the count
index=netfw | stats count
162276

Shouldn't Smart mode have returned the count correctly also? It did work that way in 8.1

Labels (1)
Labels
0 Karma
Reply

vivekarora
Engager
‎07-30-2021 10:21 PM

Yes, It should return the same result in both smart and verbose mode.

I am also using Splunk 8.2.1

Attaching the screenshot for your reference.

I am using index=snow, its returing 99 events.

vivekarora_0-1627708660914.png

 

When I am using stats command, index=snow|stats count in verbose mode, its showing same 99 events

vivekarora_1-1627708751298.png

If I am using same stats command in smart mode, its showing same result

index=snow | stats count

 

vivekarora_2-1627708840996.png

 

Hence, the output of stats command in smart and verbose mode in splunk 8.2.1 is same.

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...