Splunk Search

No results under Events but actually has 22 events which I can see under Statistics

surekhasplunk
Communicator

Hi,

I am calling an API to read the data and show it in Splunk.
Under Events it's showing 22 but "No results".
Under the Statistics tab, if I pipe the search command with | table _raw, it shows all the records.

Please help me to show results under the Events section so that I can further work on field extractions and work on it.

Attached are the events and statistics tab results.


hunters_splunk
Splunk Employee

Hi surekhasplunk,

Please make sure that you are still in verbose mode when you click the Events tab to view field and event data. Also, I think you can omit the "table _raw" if you want to list all events with your specified source type.

Also, if the data has been successfully pulled through the input phase, could you let me know which sourcetype has been assigned to the events from the source? If there is raw data ingested but no events, it is likely the data has not been successfully parsed. If that is the case, instead of pulling in all the data from the source endpoint, you might as well manually create a sample file from the source and upload it into Splunk to validate the sourcetype first.

Hope it helps. Thanks!
Hunter
