Comments (6)

brunotm commented on August 17, 2024

Hello @ctyk3322, sorry for the late reply.

Did you hit this in a dashboard or in the search bar?

from elasticsplunk.

ctyk3322 commented on August 17, 2024

@brunotm np, I am running across this issue in the search bar.

brunotm commented on August 17, 2024

@ctyk3322 while I wasn't able to reproduce your issue, I did find a problem parsing the earliest/latest timestamps specified (other than relative ones, e.g. now-4h, which work correctly), which I will investigate further.

Can you provide an example of your search with the earliest/latest spec?

Thanks!

ctyk3322 commented on August 17, 2024

@brunotm here is my attempt at sharing an example.

If I am in the ElasticSplunk app in Splunk, I would execute the following query and it returns the search data correctly. I can leave the GUI search ticker at 60 minutes, but the earliest time will go back for the year and return the results correctly.

|ess eaddr=elasticsearch-server:9200 index=data query=fooo:data_in_foo tsfield="@timestamp" latest=now earliest="now-1y"

However, if I take the exact same search string and use it in, say, the "Search & Reporting" app of Splunk, I get 0 results. Now if I use the Splunk GUI timer and search back to the specific time the data exists, then I will get my results as expected.

It seems that the 'tsfield="@timestamp" latest=now earliest="now-1y"' time field in the search command is not overriding the search time set in the Splunk GUI for the other apps outside of ElasticSplunk.

Hopefully this helps a little bit.

brunotm commented on August 17, 2024

@ctyk3322 I couldn't reproduce this.
Setting the earliest/latest in the search command overrides the timepicker values in my setup (Splunk 7 with latest code from master branch).

Which Splunk version are you using? Can you test with the latest code from master branch (it has support for nested docs and updated libraries)?

ctyk3322 commented on August 17, 2024

@brunotm thanks for trying. I will get the code loaded to see if it makes a difference. I am running 6.5.2.

I am fine with closing this out for the time being while I dig into this further.
