When performing a search with elasticsplunk, the results always appear in the Statistics tab instead of the Events tab... It seems it's related to search_command, but I've tried to add retainsevents = true in the commands.conf but nothing has changed. Is this the normal behaviour?
@jpferrero Splunk will see the results as statistics because it doesn't have them indexed, but generated by a search command as if you ran the data through stats. This is the expected behaviour.