Forums: SplunkAdministration: Duplicate events?


I'm very surprised to see that whenever Splunkweb announces a number of events, below, I see exactly double the number of events: if Splunk says it has found 3 events, below I see exactly 6 events, three original ones and three duplicates that are perfectly identical, come from the same host...

Could there be a logical reason for this?

If a bug may be behind this, I should point out that I changed the datastore location before.

There's another bug when I scroll down to the bottom of a relatively long list of events (say >30). Instead of showing me the end, the same event is repeated again and again, and if I scroll back up, the top has gone blank.

Are you using 3.1.5?

Are you using distributed search? If so, this is a known bug. The workaround is to pipe your search to "nopartials" to eliminate the superfluous calls to the other nodes in distributed.

If you are using 3.1.5 and NOT using distributed search, please email support@splunk.com, let them know the version you are using, your platform, and that you are not using distributed search. Please also attach a screenshot of the behavior.
