Can you help solve a problem I'm having with a cus...

SK8 · ‎09-19-2018

Hello,

I have a problem with a custom visualization. This gets a large amount of results (over 50k). I retrieve them with this example from the following blog Post (https://www.splunk.com/blog/2016/04/11/show-me-your-viz.html), just like in section 3b.

For the initial call it works fine, too.

However, there is a problem with an installation in a dashboard with filters. If the first result is above the chunk size, the offset is increased with UpdateDataParams. If I then limit the search further with the filters so that the quantity is below the previous chunk size, then I get the display "No results found." But there are still results. The Custom Visualization doesn't come into the UpdateView method anymore, because — probably — the current offset is higher than the current result set.

So how can I set the offset back to 0?

SK8 · ‎10-10-2018

We've identified the problem. We are currently working in this project with Splunk version 6.6.2. In this version this error occurs when chunking. In previous (6.5.2) and subsequent versions (7.1.0) it is no problem with our implementation. So there will be an internal splunk problem in this version.

Can you help solve a problem I'm having with a custom visualization that returns over 50k search results?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!