Hi,
In my Splunk logs, I have a field called location which stores values like"
SINGAPORE (ABC)
WASHINGTON DC (ABC)
HONG KONG (ABC)
NEW YORK (ABC)
HO CHI MINH CITY VIETNAM (ABC)
But when I run a search |stats count by location the table which is displayed is:
SINGAPORE (ABC) 500
WASHINGTON 300
HONG 700
NEW 600
HO 300
As you can see every value except "SINGAPORE (ABC)" is automatically getting truncated as "HONG" or "NEW".
This also has an impact on my dashboard visualization bar chart.
But when I right-click on "NEW" and view events the logs which are displayed has the whole value "NEW YORK".
I request your help in correcting this issue.
Thanks.
... View more