Hello all,

I have a query which creates a table similar to the following:

| table S42DSN_0001 S42DSN_0010

The table populates data within the S42DSN_0001 column, but not the S42DSN_0010 column. I've double checked that there is definitely data captured within that field by looking at the events.

There are 20 similarly named fields using the format S42DSN_00## which are found within the raw event data. Only the first 8 return results using the above query. For example the following works fine:

| table S42DSN_0001 S42DSN_0002

Any thoughts on why this might be happening? I am wondering if events past iteration S42DSN_0008 are not considered interesting, so Splunk is leaving them out of the results?

Oddly enough, if I change my time period to the past 30 days, and use S42DSN_0010=* as a search criteria, I receive some, but not all results within that column.

Thanks in advance,
Trevor