All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

the dashboard of cisco ise app show no results while the indexer or cisco ise app has received log file from ise?

jeremysun
New Member
‎07-18-2018 12:49 AM

the dashboard of cisco ise app show no results while the indexer for cisco ise app has received log file from ise?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-18-2018 09:16 AM

most of the times dashboards in pre-built apps do not conatais the index = <some_index> in the pre-built searches for panels reports etc
if your role does not search all indexes by default, it will see no data. try and open a random panel in search by clicking the magnifying glass icon on the bottom right of the panel, observe the search syntax, try and add index = * at the beginning of the search and see is there are results. if there are, either modify the searches or add the relevant index to be searched by default to the roles that are using the particular data set.

hope it helps

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-18-2018 09:16 AM

most of the times dashboards in pre-built apps do not conatais the index = <some_index> in the pre-built searches for panels reports etc
if your role does not search all indexes by default, it will see no data. try and open a random panel in search by clicking the magnifying glass icon on the bottom right of the panel, observe the search syntax, try and add index = * at the beginning of the search and see is there are results. if there are, either modify the searches or add the relevant index to be searched by default to the roles that are using the particular data set.

hope it helps

0 Karma
Reply
Solved! Jump to solution

jeremysun
New Member
‎07-19-2018 08:50 PM

Thanks for answering,

I found that if i add the"index=cisco_ise" before the searching language,the result will show on the dashboard.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎07-20-2018 04:32 AM

@jeremysun, if that solves it, kindly accept the answer so other will know this solution worked for you
thanks and happy splunking!

0 Karma
Reply
Solved! Jump to solution

ACingo17
Explorer
‎10-28-2019 03:21 PM

i've just started using the Cisco ISE app for the first time and I have all the syslog being indexed correctly into a unique index. I've updated each eventtype to include the index and the dashboards are now populating. Also, checked the TA under eventtype.conf will need to update each one with correct index

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...