Varying search results

zbumpers
New Member

I get different search results when I search using Host and Index.

When I search index=batchfs I get the following result:

2014-08-20 11:16:00.012-04:00 INFO [Timer-0] "com.domain.util.log.PerfLog2.writeLog:418"
Performance statistics for period 11:06 to 11:16 (10 minutes).
Heap size in bytes is 657668584
LongRunningConnectionLogger:ProcessConnectionEventQ #:20 avg:0 sd:0 min:0 max:0
host = servername source = D:\path\path\dgw.log sourcetype = dgw

When I search for index=batchfs host=servername I get the same result.

However, when I search for host=servername I get no results found.

Why am I unable to search by host name?


richgalloway
SplunkTrust

Check the "Indexes searched by default" setting for your role. It probably does not include batchfs.

---
If this reply helps you, Karma would be appreciated.