Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting "No matching events found" on the next page when I click on _time in my search results?

lksridhar
Explorer
‎12-19-2016 12:58 AM

Hi Everyone,

I have written the search below to display the information about integer and seconds value and other data. It is displaying all the information on the dashboard, but when I click on the _time field, it is not displaying any data on the next page, and I'm getting "No matching events found"could you please any help me on this?

Search:

index=web_usit source="/weblogs/com9072/clusterB-02/resolvetransactionservices.log" TransactionSearchController OR TransactionSearchDelegateImpl | dedup _raw | transaction startswith="Entered Search Transaction(s)" endswith="Transaction Search Query [] Time" | rex field=_raw ", Integer=\[(?\d+)\]" | rex "=\s+(?[\d\.]+)" | rename seconds AS total_search_time | rename Integer AS Result_Count | table _time,  total_search_time, Resuld_Count,

data like

0 Karma
Reply

cmerriman
Super Champion
‎12-19-2016 07:48 AM

My guess is that it has to do with the transaction. When you click on _time, what does the query change to?

0 Karma
Reply

lksridhar
Explorer
‎12-19-2016 08:34 PM

I'm trying to do the transaction between the events and if we click on _time row it should show the group of event in next page.

Raw data:

Dec 06, 2016 10:02:04 AM CST INFO (TransactionSearchController.java:48) - String=[Entered Search Transaction(s)]
Dec 06, 2016 10:02:05 AM CST INFO (TransactionSearchDelegateImpl.java:45) - String=[Initiating Transaction search for Query], String=[test567]
Dec 06, 2016 10:02:05 AM CST INFO (TransactionSearchDelegateImpl.java:48) - transaction search without timeout
Dec 06, 2016 10:02:39 AM CST INFO (TransactionSearchDelegateImpl.java:54) - String=[Transaction Search Results. Transactions Count Is], String=[test567], Integer=[60]
Dec 06, 2016 10:02:39 AM CST INFO (TransactionSearchDelegateImpl.java:55) - Transaction Search Query [test567] Time (in seconds) = 34.267

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...