cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
anilchauhanmanu
Explorer
Member since: ‎09-15-2014
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎09-15-2014
View All

Re: How to return raw data results from subsearch ...

by in Splunk Search
‎10-10-2014 02:45 AM
‎10-10-2014 02:45 AM
thanks peter its working..Really thanks a lot. ... View more

Re: How to return raw data results from subsearch ...

by in Splunk Search
‎10-10-2014 12:36 AM
‎10-10-2014 12:36 AM
HI buddy, thanks for for your suggestion buddy but its not working even i have put this also | ESBDPUUID _raw.It only shows result when i remove these table and put only query then it combines with each field and shows result.\ It even not creating field with blank values when i put ESBDPUUID but creates a feild if i put something random like ESB or any other feild. ... View more

How to return raw data results from subsearch quer...

by in Splunk Search
‎10-09-2014 03:04 AM
1 Karma
‎10-09-2014 03:04 AM
1 Karma
I can't return _raw data from subsearch as below , but i can find this raw data if i use it in separate main search . I'm able to get _raw data when this join was not working properly if i remove ESBDPUUID from main search. index=esb_dev earliest=-14d@d latest=@d sourcetype="datapower_audit" status="FAILURE" OR STATUS="ERROR" |stats values(ESBDPUUID),values(status),count by ESBDPUUID,host,svc_bp_name _time | join type=left ESBDPUUID[search index=esb_dev sourcetype="datapower_Error" |table _raw ] this is not displaying the result but when i remove table _raw then i can see the result well. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All