Hi,
I am calling an API to read the data and show it in Splunk.
Under Events it's showing 22 but "No results".
Under the Statistics tab, if I pipe the search command with | table _raw, it shows all the records.
Please help me to show results under the Events section so that I can do further work on field extractions and work on it.
Attached are the events and statistics tab results.
Hi surekhasplunk,
Please make sure that you are still in verbose mode when you click the Events tab to view field and event data. Also, I think you can omit the "table _raw" if you want to list all events with your specified source type.
Also, if the data has been successfully pulled through the input phase, could you let me know which sourcetype has been assigned to the events from the source? If there is raw data ingested but no events, it is likely the data has not been successfully parsed. If that is the case, instead of pulling in all the data from the source endpoint, you might as well manually create a sample file from the source and upload it into Splunk to validate the sourcetype first.
Hope it helps. Thanks!
Hunter