OK. In more detail.
splunk-7.3.0-657388c7a488.x86_64
Running on CentOS 7
The query I'm running in the default Splunk Search GUI is:
source="/var/log/splunk-test.log" index="testing" sourcetype="_json" | where systemStatus=1
The most recent record returned by this query is:
{"systemStatus": 1, "device": "Core 3", "temp": "34.0", "message": "", "time": "2019-08-07T*06*:01:08.329579"}
When I run the same query via the Python splunk-sdk 1.6.6 API wrapper I see many more recent records including this one:
{"systemStatus": 1, "device": "Core 3", "temp": "36.0", "message": "", "time": "2019-08-07T*23*:39:50.879879"}
Other than this odd temporal behaviour, the query works properly in both environments.
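One check a practitioner would make before comparing the two interfaces: pin the time window in the search string itself, so that neither the GUI nor the SDK call applies its own default window, and then look at the span of `time` values that actually comes back. The block below is an added example and is not code from the original post or from the Splunk SDK project; the connection details (host, credentials) are placeholders, and the sample records are constructed to match the shape of the two records quoted above.

```python
"""Pin the Splunk search window explicitly and report the time span of the
returned records.

Added example, not part of the original post. Host and credentials are
placeholders; SAMPLE_RECORDS is constructed from the shape of the records
quoted in the thread.
"""
from datetime import datetime

# Constructed sample input: the two records quoted in the thread, minus the
# emphasis markers around the hour.
SAMPLE_RECORDS = [
    {"systemStatus": 1, "device": "Core 3", "temp": "34.0", "message": "",
     "time": "2019-08-07T06:01:08.329579"},
    {"systemStatus": 1, "device": "Core 3", "temp": "36.0", "message": "",
     "time": "2019-08-07T23:39:50.879879"},
]

BASE_QUERY = ('source="/var/log/splunk-test.log" index="testing" '
              'sourcetype="_json" | where systemStatus=1')


def pinned_search(base_query, earliest, latest):
    """Return the query with explicit SPL earliest=/latest= modifiers.

    The modifiers are placed before the first pipe so they stay inside the
    base search; the same string can then be pasted into the GUI and passed
    to the SDK, which removes any per-interface default time range from the
    comparison.
    """
    head, sep, tail = base_query.partition("|")
    pinned = f"{head.strip()} earliest={earliest} latest={latest}"
    if sep:
        pinned += f" | {tail.strip()}"
    return pinned


def time_span(records):
    """Return (earliest, latest) ISO 8601 timestamps from the 'time' field,
    or None when no record carries one."""
    stamps = sorted(datetime.fromisoformat(r["time"])
                    for r in records if "time" in r)
    if not stamps:
        return None
    return stamps[0].isoformat(), stamps[-1].isoformat()


def run_pinned(service, base_query, earliest="-24h@h", latest="now"):
    """Run the pinned search through the splunk-sdk oneshot endpoint and
    return the result records as plain dicts (assumes splunklib is
    installed and `service` is a connected splunklib.client.Service)."""
    import splunklib.results as results  # assumption: splunk-sdk installed
    query = pinned_search(base_query, earliest, latest)
    # count=0 asks oneshot for all results rather than the default page size.
    raw = service.jobs.oneshot("search " + query, count=0)
    # ResultsReader yields result dicts and Message objects; keep the dicts.
    return [r for r in results.ResultsReader(raw) if isinstance(r, dict)]


if __name__ == "__main__":
    print(pinned_search(BASE_QUERY, "-24h@h", "now"))
    print("sample span:", time_span(SAMPLE_RECORDS))
    try:
        import splunklib.client as client  # assumption: splunk-sdk installed
        # Placeholder connection details; replace with real ones.
        service = client.connect(host="localhost", port=8089,
                                 username="admin", password="changeme")
        print("live span:", time_span(run_pinned(service, BASE_QUERY)))
    except Exception as exc:  # no SDK or no reachable instance
        print("live query skipped:", exc)
```

Running the pinned query string in both the GUI and the SDK, and comparing the `time_span` of each result set, makes the discrepancy concrete: if the spans now agree, the two interfaces were searching different windows; if they still differ, the time range is not the cause.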