Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

tstats unable to get any results when specifying dataset in FROM clause

att35
Builder
‎08-29-2021 10:10 AM

Hi,

We are in the process of migrating all Apps/Config's from an older standalone instance(7.2.4.2) to a newer SHC(8.1.1). A datamodel was also migrated along with the App and appears to be working fine in terms of acceleration statistics. But when I try to access using tstats, format that worked previously returns nothing.

| tstats summariesonly=t count FROM datamodel="modelname.dataset" by dataset.field

DM_inspect.png

But if I do not mention dataset in the FROM cause, it works just fine.

| tstats summariesonly=t count FROM datamodel="modelname" by dataset.field

 

Could I have missed something during the migration? What could be causing the previous command to not work.

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...

Announcing Our Splunk MVPs

We are excited to announce the first cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...