Hello,
I've been following the free course for Splunk Fundamentals 1 and now I'm on lab 5. I have completed everything successfully up to this point. It is on basic searching and asks me to search "fail* AND password" over All-time. This is where my issue comes into play.
When I search over all-time, I get 0 results. If I search last week, I get 9,493. If I search last month, I get 49.946.
I have verified that I have the correct number of indexed events. My hosts are correct. Why do I get 0 results under all-time? I have also tested under both admin and power accounts and get the same results.