- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- dashboards not populated when new index defined
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have created a new index (new_relic) and added the account input settings - the new_relic index is populated with my application
(just the one currently) however the application dashboard does not work.
If i then use the 'main' index as per the setup screenshots - the dashboards work with the same data thats alos populating the new_relic index
how to populate the dashboards using the new_relic index created.
Have checked permissions etc, new index is in context of new relic TA, the new_relic index correctly uses the newrelic:applications sourcetype.
The macro 'getsources' runs ok but only uses the 'main' index
thx
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe you are supposed to modify the getsources macro and change main to new_relic and then everything should work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe you are supposed to modify the getsources macro and change main to new_relic and then everything should work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks mate - that was it.
The 'main' index wasn't specified in the macro so thats what was throwing me - so i guess it just default there.
So i changed the 'get_sources(4)' macro from:
(sourcetype=$new_sourcetype$ source=$new_source$) OR (sourcetype=newrelic_account source="$old_source$" account_id=$account_id$ ) | eval new_source = if(sourcetype="newrelic_account",input_name +":" + account_id,source), account_id = if(sourcetype="newrelic_account",account_id, rtrim(new_source,":") )
to
index=new_relic (sourcetype=$new_sourcetype$ source=$new_source$) OR (sourcetype=newrelic_account source="$old_source$" account_id=$account_id$ ) | eval new_source = if(sourcetype="newrelic_account",input_name +":" + account_id,source), account_id = if(sourcetype="newrelic_account",account_id, rtrim(new_source,":") )
All good.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks all, It worked for me also, Big thanks to both.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
