Deployment Architecture

Out of 3 clusters why are 2 showing similar results and the third is missing results?

narenpalepu
New Member

Hi,
REST API Splunk query results difference

We have a query running with JDK REST API. We have 3 Splunk clusters. The result on 2 clusters is showing full results, whereas one cluster is showing only 10 results. The configuration files look the same. Is there any parameter I need to adjust to give complete results?

Thanks,

NP

0 Karma
1 Solution

esix_splunk
Splunk Employee

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

0 Karma

DalJeanis
SplunkTrust

@narenpalupu - You have indicated that your issue is resolved. We've moved the questions and answers together to thread them as comments and replies. This makes the discussion easier to read.

Please accept the answer in order to mark the question as closed.

0 Karma

narenpalepu
New Member

The three clusters do not share the same data, but they have similar data with a similar number of results.

0 Karma

esix_splunk
Splunk Employee

Does your API user have the same permissions on all the clusters?

0 Karma

narenpalepu
New Member

Good question. That helps. I started managing Splunk a couple of weeks ago. The user roles are the same, but one cluster has a new index which is missing from the search default. The other 2 have data in the main index. That clarifies it. Please mark the issue resolved.

0 Karma

narenpalepu
New Member

Yes. Thanks for asking. From the GUI we get complete results on all three clusters. From the API, 2 clusters show results similar to the GUI. One cluster shows only 10.

0 Karma
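Added example, not part of the thread and not Splunk's own code: a check for the cause found above, where the API user's role does not search the new index by default. It reads each cluster's `authorize.conf` and resolves `srchIndexesDefault` through `importRoles`; the role name, index names and file contents are constructed, and the wildcard handling is a simplifying assumption.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed authorize.conf excerpt (role and index names are hypothetical).
BASE = """
[role_api_reader]
importRoles = user

[role_user]
srchIndexesAllowed = *
srchIndexesDefault = main
"""
CLUSTERS = {"cluster_a": BASE, "cluster_b": BASE, "cluster_c": BASE}
# Index that holds the expected data on each cluster (constructed).
DATA_INDEX = {"cluster_a": "main", "cluster_b": "main", "cluster_c": "app_events"}

def load_roles(text):
    """Parse authorize.conf text into {role_name: {setting: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    return {s[len("role_"):]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def split(value):
    return [v.strip() for v in value.split(";") if v.strip()]

def default_indexes(roles, role, seen=None):
    """Index patterns searched by default for a role, including imported roles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:
        return set()
    seen.add(role)  # guards against import cycles
    patterns = set(split(roles[role].get("srchIndexesDefault", "")))
    for parent in split(roles[role].get("importRoles", "")):
        patterns |= default_indexes(roles, parent, seen)
    return patterns

def searched_by_default(patterns, index):
    # Assumption: a wildcard not starting with "_" does not cover internal "_" indexes.
    return any(fnmatchcase(index, p) and (p.startswith("_") or not index.startswith("_"))
               for p in patterns)

def audit(clusters, role, data_index):
    """Clusters where a search without index=... misses the data index for this role."""
    gaps = {}
    for name, conf in clusters.items():
        patterns = default_indexes(load_roles(conf), role)
        if not searched_by_default(patterns, data_index[name]):
            gaps[name] = sorted(patterns)
    return gaps

if __name__ == "__main__":
    print(audit(CLUSTERS, "api_reader", DATA_INDEX))
```

A cluster reported here needs either the index added to the role's default-searched indexes or an explicit `index=` term in the API search.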