Solved: Why does an ODBC query show a different result fro...

big_twilde · ‎07-14-2015

Hi,

I have a simple report/saved search with fixed time (-8@w1 to +1@w1) that calculates a timechart from a long list of 5min timespans with a binary up/down metric that reflects if that interval was OK.

| savedsearch KPI_BCP_Crawler_Delay | timechart span=1week avg(up) as up

Everything works fine, but partial values (i.e. current week) in the report seem to be handled differently once searched by ODBC.

While Splunk gives me ...

_time   up
...
7   2015-06-29  0.631448
8   2015-07-06  0.681052
9   2015-07-13  0.750000   <-- current week

... Excel/ODBC gives me:

_time   up
...
29.06.2015  0,631448
06.07.2015  0,681052
13.07.2015  0,949901 <--- different value than in Splunk, mostly near 1

Would be glad for a hint or a way how to debug this.

Best,
Thomas

big_twilde · ‎07-16-2015

Hi,

I found a workaround: the issue disappears, when you change the timeframe from (-8@w1 to +1@w1) to (-8@w1 to now).

Best,
Thomas

View solution in original post

big_twilde · ‎07-16-2015

Hi,

I found a workaround: the issue disappears, when you change the timeframe from (-8@w1 to +1@w1) to (-8@w1 to now).

Best,
Thomas

Why does an ODBC query show a different result from the Splunk timechart report?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?