cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sonamchauhan
Engager
Member since: ‎02-02-2023
‎02-15-2023
Community Statistics
Posts 2
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎02-02-2023
View All

Re: Is there a delay in the Splunk API server 'see...

by in Splunk Search
‎02-09-2023 08:22 PM
‎02-09-2023 08:22 PM
OK, I may have solved my own problem (caused by lack of knowledge of how Splunk API jobs work).  Basically, I had too short a delay between creating the job (POST job) and (GET results). I've increased it from 3 to 10 seconds and it seems to be behaving better ... View more

Is there a delay in the Splunk API server 'seeing'...

by in Splunk Search
‎02-09-2023 07:26 PM
‎02-09-2023 07:26 PM
Is there a delay in the Splunk API server 'seeing' events that are already indexed? I use the Splunk API to query logs for some testcases. I can submit a job to the API server (`POST https://<SERVER>:8089/services/search/jobs`). That works fine. But intermittently, the search job returns no results (GET https://<SERVER>:8089/services/search/jobs/<JOB_ID>/results returns a 204/No Content HTTP header, and no HTTP body)  I checked if there was an indexing delay using the command below. Apparently there was not - the relevant logs were ingested and indexed well in time. It's just the Splunk API server that intermittently returns no results.      <SPLUNK QUERY> | eval indextime=strftime(_indextime,"%Y-%m-%d %H:%M:%S")       Any pointers to how I can dig into this further? I'm just a dev, not a Splunk admin, so guidelines on what I do next are much appreciated. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-15-2023 07:13 PM