Hi ,
I am pretty sure that i am fetching records from a specific table having 420 records exactly not more than that.As i'm using Splunk DB Connect, there i have an option to select Database,DB schema,and Database Table as well.
So,i'm sure that fetching records from the table that i want to search. In Splunk DB Connect App i have an another option to search records by clicking "fetch Records " button.
Even though i'm using the same i got the events more than 10000+.
Here is my search string ==> index=main source=mi_input://transactions sourcetype=transactions
my query is ==> select * from [dbo].[TEST_DB].[transactions]
transactions is my tablename
By executing the query i can able to fetch the exact 420 records, but the same can't happening in search.
Can anyone figure it out.
Thanks,
sai bhaskar
... View more