Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Out of 3 clusters why are 2 showing similar results and the third is missing results?

narenpalepu
New Member
‎09-20-2017 10:29 AM

Hi ,
Rest API Splunk query results difference

We have a query running with JDK REST API. We have 3 spunk clusters. The result on 2 clusters is showing full results. where as one cluster is showing only 10 results. The configuration files look same. Is there any parameter I need to adjust to give complete results.

Thanks,

NP

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

View solution in original post

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎09-20-2017 01:58 PM

@narenpalupu - You have indicated that your issue is resolved. We've moved the questions and answers together to thread them as comments and replies. This makes the discussion easier to read.

Please accept the answer in order to mark the question as closed.

0 Karma
Reply
Solved! Jump to solution
Solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 10:55 AM

Most obvious question is, do your 3 index clusters have the same data on them? If you run the search against the individual cluster in question, via GUI, do you get proper results?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:16 AM

Three clusters do not share same data but they have similar data with similar no of results.

0 Karma
Reply
Solved! Jump to solution

esix_splunk
Splunk Employee
Splunk Employee
‎09-20-2017 11:36 AM

Does your API user have the same permissions on all the clusters?

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 01:08 PM

Good Question. That helps. I started managing spunk couple of weeks ago. The user roles are same. But one cluster has new index which is missing in search default. other 2 has data in main index. That clarifies. Please mark the issue, resolved.

0 Karma
Reply
Solved! Jump to solution

narenpalepu
New Member
‎09-20-2017 11:15 AM

Yes . Thanks for asking. From GUI we get complete results on all three clusters. From API 2 clusters shows similar to GUI results. One Cluster shows only 10.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...