We use the Splunk search endpoint to get notable events using the search endpoint services/search/jobs

search=search `notable`
earliest_time=(currentTime - 2min)
latest_time=(currentTime)
adhoc_search_level=smart

When search is completed
services/search/jobs/<sid>
dispatchState = DONE

We get results
services/search/jobs/<sid>/results

We don't get all the results. But when we make the same search with the same time ranges around 10 to 15 mins later, we get the results which we missed in the realtime search.

Why do we get the issue and how do we resolve the issue?