
The dashboard of the Cisco ISE app shows no results while the indexer or Cisco ISE app has received the log file from ISE?

jeremysun
New Member

The dashboard of the Cisco ISE app shows no results while the indexer for the Cisco ISE app has received the log file from ISE?

1 Solution

adonio
SplunkTrust

Most of the time, dashboards in pre-built apps do not contain the index = <some_index> in the pre-built searches for panels, reports, etc.
If your role does not search all indexes by default, it will see no data. Try to open a random panel in search by clicking the magnifying glass icon on the bottom right of the panel, observe the search syntax, try adding index = * at the beginning of the search, and see if there are results. If there are, either modify the searches or add the relevant index to be searched by default to the roles that are using the particular data set.

Hope it helps


jeremysun
New Member

Thanks for answering,

I found that if I add the "index=cisco_ise" before the searching language, the result will show on the dashboard.


adonio
SplunkTrust

@jeremysun, if that solves it, kindly accept the answer so others will know this solution worked for you.
Thanks and happy Splunking!


ACingo17
Explorer

I've just started using the Cisco ISE app for the first time and I have all the syslog being indexed correctly into a unique index. I've updated each eventtype to include the index and the dashboards are now populating. Also, checked the TA: under eventtype.conf, will need to update each one with the correct index.

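An added example, not part of the original thread or the Cisco ISE app's own code: a Python check that lists the event types in an eventtypes.conf whose search carries no index constraint, then builds local/ overrides that prepend one. The stanza names and search strings are constructed samples; cisco_ise is the index name from the thread.

```python
import configparser
import re

# Matches an explicit index constraint: index=foo, index = *, index!=foo or index::foo.
# The \b keeps field names such as src_index= from counting as a constraint.
INDEX_TERM = re.compile(r"\bindex\s*(?:!?=|::)", re.IGNORECASE)

# Constructed sample of an app's default/eventtypes.conf (stanza names are hypothetical).
SAMPLE_EVENTTYPES = """\
[ise_passed_auth]
search = sourcetype=cisco:ise:syslog "Passed-Authentication"

[ise_failed_auth]
search = index=cisco_ise sourcetype=cisco:ise:syslog "Failed-Attempt"

[ise_accounting]
search = sourcetype=cisco:ise:syslog src_index=3 "Accounting"
"""


def parse_conf(text):
    """Parse Splunk .conf text; assumes one-line values (no backslash continuations)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case as written
    parser.read_string(text)
    return parser


def missing_index(text):
    """Return stanza names whose search has no explicit index constraint."""
    conf = parse_conf(text)
    return [name for name in conf.sections()
            if conf.has_option(name, "search")
            and not INDEX_TERM.search(conf.get(name, "search"))]


def local_override(text, index):
    """Build local/eventtypes.conf stanzas that prepend index=<index> to unscoped searches."""
    conf = parse_conf(text)
    lines = []
    for name in missing_index(text):
        lines += [f"[{name}]", f"search = index={index} {conf.get(name, 'search')}", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print("Unscoped event types:", missing_index(SAMPLE_EVENTTYPES))
    print(local_override(SAMPLE_EVENTTYPES, "cisco_ise"))
```

Placing the generated stanzas in the app's local/ directory rather than editing default/ keeps the change across app upgrades. A search that gets its index from a macro is reported as unscoped by this check, so review macro-based stanzas by hand.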