When you search only for the string "linux*", Splunk will look for matches to that string / pattern in the raw event data only. You may have any number of events with the "linux_secure" sourcetype, and it's possible that none of those events contain the "linux" string - either at all, or for the time range you currently have selected in the time picker (have you tried expanding the time range?).
Additionally, it is best practice to explicitly specify one or more indexes from which to search for events, as the user you're logged in as may only be configured to search a subset of those indexes you're allowed to search by default (i.e. without an explicit index={indexname} clause added to your search). For example, Splunk may have relevant data in the "os" index for you, but by default your user account is only configured to search the "main" index without explicit "index=" statements in your search query. In this situation you can find the relevant data in the "os" index by adding "index=os" to your search query.
If you are the admin user to the Splunk instance you're using, look in the Access Controls settings at the admin role configuration at the "indexes searched by default" section and adjust as needed to add "all non-internal indexes" or something else more appropriate to your specific needs. If you're not the admin, I recommend you contact that person to review your current role assignment and/or role configuration.
Additionally, since you are new to Splunk, I recommend looking at the Search Tutorial and Search Manual, both found in the Splunk Docs site. Splunk has excellent product documentation that's useful for users of all experience levels.
Hope this helps!
... View more