Hi,
I have a problem with the embeded report function on splunk 7 instances.
we have multiple splunk servers at different customers. All of them are standalone splunk servers.
I have created an embeded report on all instances with the same search. The report only runs for a few second and if I export it as csv, I see on all of them results.
One of this instances have the version 6.6.1.
There the embed report function works as expected. I see the results in a table, if i open the link. Independent of the browser which I use.
But on all other instances (which are splunk 7.0.1 or 7.0.2), I only see a blank page if I open the link with firefox, chrome or opera.
If I open it with the internet explorer I see the results but in a column chart and not as table.
Has someone a idea what the problem might be?
Sure, I tried a short query for suricata alerts:
index="suricata" event_type=alert
| stats count by alert.signature, severity
| table alert.signature, severity,count
Can you tell me query you are running?