Re: Why is the same search returning different res...

pop1989 · ‎03-23-2015

I use Splunk to calculate user's Internet hits. There are about 710 thousands entries. I searched several times, but the results are different. Does anyone know why this happens?

rey123 · ‎09-14-2019

@pop1989 , could you please answer the questions others have asked? Are you running the search on an absolute time range?

chimell · ‎03-25-2015

Hi pop1989
I think that your problem is caused by the data which are non stable , if your data come continuously into splunk , it is evident that the results change.
To verify this approach , specify a time range for you request . And let analyse your search result.

somesoni2 · ‎03-24-2015

Is the data coming to Splunk continuously? Are you using Time ranges like 'Last 4 Hrs' OR 'Since <>'? If yes than The time range is getting changed every time you run the search, causing search result to be different.

neelamssantosh · ‎03-23-2015

hi Pop,

Hope you are not running the search for AllTime, as in AllTime along with events the time value also gets changed.

Kindly confirm by running the search query for specific time range.

Why is the same search returning different results each time it is run?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!