Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

tstats unable to get any results when specifying dataset in FROM clause

att35
Builder
‎08-29-2021 10:10 AM

Hi,

We are in the process of migrating all Apps/Config's from an older standalone instance(7.2.4.2) to a newer SHC(8.1.1). A datamodel was also migrated along with the App and appears to be working fine in terms of acceleration statistics. But when I try to access using tstats, format that worked previously returns nothing.

| tstats summariesonly=t count FROM datamodel="modelname.dataset" by dataset.field

DM_inspect.png

But if I do not mention dataset in the FROM cause, it works just fine.

| tstats summariesonly=t count FROM datamodel="modelname" by dataset.field

 

Could I have missed something during the migration? What could be causing the previous command to not work.

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...