Hi all
I'm seeing weird behavior in Splunk Enterprise.
When I run a search like this:
index=my_index sourcetype=my_st FIELD_A="foo" OR FIELD_B="bar"
via the CLI or REST API, the result set is null ("This search has completed, but did not match any events"), but if I run this exact search in Splunk Web, I get results. However, if I run the same search again via the CLI or REST API, I get the results !!!
Is a weird behaviour that we have on random executions of ours searches.
I hope that anybody can help me with this issue.
Best regards
Jonathan
↧