Why are Splunk queries not returning anything in t...

venugoski · ‎09-13-2023

Splunk queries not returning anything in table. I see events matching for these queries but nothing under 'Statistics' section.

1.

index=address-validation RESP_MARKER | rex field=log "\"operationPath\"\:\"(?<path>\w+).*\"operationType\"\:\"(?<type>\w+).*\"region\"\:\"(?<reg>\w+).*" | table path, type, reg

2.

index=club-finder RESP_MARKER | rex field=log "\"operationPath\"\:\"\/(?<path>\w+).*\"operationType\"\:\"(?<type>\w+).*\"region\"\:\"(?<reg>\w+).*\"totalTime\"\:(?<timeTaken>\w+)" | table type, path, timeTaken, reg

richgalloway · ‎09-13-2023

The queries do not contain statistics-generating commands (stats, timechart, etc.) so there is nothing for the Statistics tab to show.

---
If this reply helps you, Karma would be appreciated.

venugoski · ‎09-13-2023

i dont see the stats coming here with stats command as well

index=address-validation RESP_MARKER | rex field=log "\"operationPath\"\:\"(?<path>\w+).*\"operationType\"\:\"(?<type>\w+).*\"region\"\:\"(?<reg>\w+).*" | stats count by path, type, reg

richgalloway · ‎09-14-2023

Make sure the path, type, and reg fields are not null. The stats command will not return results for null groupBy fields.

---
If this reply helps you, Karma would be appreciated.

Why are Splunk queries not returning anything in table?

rex

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation