Splunk Enterprise

Issue with some records indexing and not others...

msarro
Builder

Hey everyone. I am trying to index some sizable CSV files (each line in the file is approximately 200 fields). The thing is, I'm noticing that certain fields aren't being indexed all of the time. For example, 8 fields in there is a field called "Direction." When searching in splunk, filtering for "Direction" yields nothing when limited with other search criteria, even though in the source data I can see the field is populated. Yet for other records it shows up just fine and is definitely indexed (it shows under the "pick fields" list as having some hits).

Anyone have any ideas?

0 Karma
1 Solution

msarro
Builder

Nm, I was being dumb and hadn't selected the field under "Pick Fields." PEBCAK 🙂

View solution in original post

0 Karma

msarro
Builder

Nm, I was being dumb and hadn't selected the field under "Pick Fields." PEBCAK 🙂

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...