Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

metadata doesn't return correct events due to specific date

indeed_2000
Motivator
‎10-31-2021 07:27 AM

Hi

I have several file in "myindex", when I set date "yesterday" I expect show just yesterday files , but it return older than yesterday files somtimes!

e.g today is 10/31/2020, and I run this spl (time set to yesterday)

 

command:

| metadata type=sources index=myindex

output:

/app/20211031/server1.20211031.zip

/app/20211031/server2.20211031.zip

/app/20211025/server2.20211025.zip

 

FYI: modify date of this file server2.20211025.zip belong to 20211025

 

Any idea?

Thanks,

Labels (4)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...