Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why Interesting field Showing values count when i click its showing 0 events and if i use * then its work?

abhishekdubey00
Engager
‎08-10-2023 03:30 AM

Interesting field Showing values count when I click its get automatically added search  its showing 0 events and if i use * then its work if i search for particular string then its showing 0 events

 

index=abc 

 Index=abdc cluster_name="abc"   (not working)
 Index=abdc cluster_name="*"      Showing Result 

Labels (2)
Tags (1)
Preview file
21 KB
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-11-2023 03:00 AM

Hi

when you are using cluster_name="*" are you getting the "abc" in a result set or not?

If yes then the normal situation is that your data and tokenisation for it has some "issue/challenge".  There could be some ways to fix it with conf files based on what is actually reason for that.

When you are searching it by cluster_name = "*abc" or with another time cluster_name = "abc*" did those works?

You should also look the raw event how it's on index and how it's is tokenised.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...