Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is my field with numeric values not giving results in my search?

patilsh
Explorer
‎06-15-2017 11:10 AM

Hello All,

I have a search which gives the below results:

alt text

As seen it has 100+ call id, now when i expand the callId field and select one value among it, i find no results found

alt text

Can anyone tell me why is it giving no results even when i am selecting the value directly from callId field?

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DalJeanis
Legend
‎06-15-2017 11:28 AM

Okay, here's the first two steps I'd use to diagnose the issue.

First, copy the callId from a particular record (for instance, the one you screen shotted, ending in 1255, into the search and see if the record is found.

If not, then add an asterisk on the end and try again, and also add quotes around the value and try again.

It's possible that the number is not being treated as numeric, in which case one or both of those should work.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

DalJeanis
Legend
‎06-15-2017 11:28 AM

Okay, here's the first two steps I'd use to diagnose the issue.

First, copy the callId from a particular record (for instance, the one you screen shotted, ending in 1255, into the search and see if the record is found.

If not, then add an asterisk on the end and try again, and also add quotes around the value and try again.

It's possible that the number is not being treated as numeric, in which case one or both of those should work.

0 Karma
Reply
Solved! Jump to solution

patilsh
Explorer
‎06-15-2017 11:35 AM

Hey

When i give it callId="30900099472115376270*" , this worked.
Now i dont understand , why is a * needed as the id is 30900099472115376270 and it has not preceding it.

So can you let me know why is * working there ?

Thanks for the help!!!

0 Karma
Reply
Solved! Jump to solution

bhavikbhalodia
Path Finder
‎12-27-2018 05:01 AM

It seems that the format of the field callId is a string and contains space after the value of callId, because of that when you use ***** your problem is solved.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎06-15-2017 11:59 AM

Basically, the search is either mistaking the format of the callId field, or misinterpreting it somehow.

Okay, try this after the search. If the length is more than 20, then the callId is being extracted with trailing spaces. Not supposed to happen, but maybe it is happening anyway.

| eval callLen = len(callId)
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...