
Splunk SDK search with aggregates returns zeros for aggregate values.

cwilen
Engager

I'm trying to export data from Splunk using the Java SDK. The search I'm using includes the aggregate functions avg, min and max. The search works fine in the Splunk Search web app, but when exporting via the SDK the aggregate values return zeros. A count value does return data as well as the time field. I've exported the values as JSON, XML and CSV and all return values in the raw output stream. Is this an issue with the aggregate values being decimals? Are they handled differently?


Neeraj_Luthra
Splunk Employee

The search query string, when used from the Java SDK, needs to have special characters like backslash (\) properly escaped. After working more with @cwilen, we learnt that the lack of escaping of these characters was causing this problem.

Lesson learned: The search query string that works in the Splunk UI may not work as-is from the SDK if it has special characters that need escaping.

0 Karma

Neeraj_Luthra
Splunk Employee

I believe we are helping you through the support case. We will update this post once we are able to resolve your issue with the findings from that case.

0 Karma