Hi,
I am executing a search on Splunk through my java application. The search query is executed through the following steps -
jobArgs = new Args();
jobArgs.put("exec_mode", "blocking");
jobArgs.put("earliest_time", startTime);
jobArgs.put("latest_time", endTime);
JobCollection jobs = service.getJobs();
job = jobs.create(searchQuery, jobArgs);
where searchQuery is "index= * ind.* | search ( DeviceId = ABC* ) | stats values(DeviceId)"
The time interval is configured as 10 second intervals.
I have seen that at random times, the above piece of code misses a record in the result set. When the same query is executed on the Splunk server with the same time interval configured in the filter, all the records are returned (including the missing one).
Please share some suggestions on why that may be happening.
Thanks and regards
... View more