Preface: I've already looked through the other answers and any examples I found/tried didn't fix the problem.
Problem: Getting log events pushed to Splunk from Jenkins, but the dashboard app shows nothing. I'm thinking it's the meta-data configuration that's wrong. Does anyone have a good working example of what the meta-data configuration should look like on the Jenkins side? We're using pipelines, if that makes a difference. If anyone has suggestions that aren't around the meta-data configuration please feel free to let me know.
For Splunk version 6.5 or later, it is recommended to use the plugin's default config
For Splunk 6.3.x or 6.4.x, please adjust the default sourcetype to json:jenkins:old (please remove it if Splunk get upgraded to latest version otherwise data will be extracted twice)
Can you get any results for below two searches?
index=jenkins_statistics event_tag=job_event index=jenkins_statistics job_event
if you see events but not data in dashboard, the first thing i will check is if the indexes that are shipped with the app are searched by default by the user who looks at the dashboard
navigate to settings -> access control -> roles -> the role your user has -> scroll down all the way -> add the 4 jenkins indexes to indexes searched by default.
in the meantime,
you can open a panel in search by clicking the magnifying glass icon on panels buttom
at the begging of the search string, place
index=* and run the search, if it works, then great. if not, will check next that the app is set to global so all knowledge objects are global