Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Stats Results After Upgrade

dpwtheitguy
Loves-to-Learn Lots
‎07-30-2021 02:28 PM

All,

Just upgraded to 8.2.1 last night and noticed something today with stats.

# This search returns 160k+ events
index=netfw
162276

# This returns a 0 in Smart mode, this search returned data in 8.1.x how ever no data in 8.2.1
index=netfw | stats count
0

# Same search in Verbose mode however returns the count
index=netfw | stats count
162276

Shouldn't Smart mode have returned the count correctly also? It did work that way in 8.1

Labels (1)
Labels
0 Karma
Reply

vivekarora
Engager
‎07-30-2021 10:21 PM

Yes, It should return the same result in both smart and verbose mode.

I am also using Splunk 8.2.1

Attaching the screenshot for your reference.

I am using index=snow, its returing 99 events.

vivekarora_0-1627708660914.png

 

When I am using stats command, index=snow|stats count in verbose mode, its showing same 99 events

vivekarora_1-1627708751298.png

If I am using same stats command in smart mode, its showing same result

index=snow | stats count

 

vivekarora_2-1627708840996.png

 

Hence, the output of stats command in smart and verbose mode in splunk 8.2.1 is same.

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

Alpha Launch: AI-Assisted Auto-Schematization for CIM

Streamlining Data Onboarding: Announcing the Alpha Release of AI-Assisted Auto-Schematization For many Splunk ...

Enterprise Security(ES) Essentials or Premier? Let's discuss Splunk ES Editions on ...

  Hi everyone, Last year at .conf25, we shared something exciting: Splunk Enterprise Security is evolving ...

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 5

Advent of CodeIn order to participate in these challenges, you will need to register with the Advent of Code ...