Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Key indicator question

matt1t
Explorer
‎01-04-2020 07:43 PM

I created a key indicator and when I click the preview button I get the results I want:alt text

However, when I add this to my dashboard it will not show the results, any idea why?

Here is what my dashboard shows.
alt text

Tags (2)
Preview file
17 KB
Preview file
6 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

matt1t
Explorer
‎01-06-2020 08:02 AM

I figured it out, however this makes no sense. Many examples on the key indicators start with search and then the actual search. Example would be "search index=some_index earliest=-3d@d blah blah blah". With the search in front my preview works, but the results are missing on the dashboard. If I take the search out of it, the preview no longer work, however its now working on my dashboard. I don't know what made me try that but I now have my dashboard working so I'm happy. Maybe someone can explain the difference?

Thanks,

-Matt

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

matt1t
Explorer
‎01-06-2020 08:02 AM

I figured it out, however this makes no sense. Many examples on the key indicators start with search and then the actual search. Example would be "search index=some_index earliest=-3d@d blah blah blah". With the search in front my preview works, but the results are missing on the dashboard. If I take the search out of it, the preview no longer work, however its now working on my dashboard. I don't know what made me try that but I now have my dashboard working so I'm happy. Maybe someone can explain the difference?

Thanks,

-Matt

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎01-05-2020 04:52 AM

@matt1t once the search query runs, how are you moving the panel to your dashboard? Are you using Save as Dashboard option or are you merging the search <query> manually? By any chance are you using Post-Processing in the dashboard?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

matt1t
Explorer
‎01-06-2020 07:46 AM

I wonder is this is the issue. So when I click on the preview, my search runs and I get the data I expect. If I'm within the Content Management section and look at the info for my key indicator I get the following stats:

Statistics
Avg. Event Count ..... 17.36
Avg. Result Count ..... 0
Avg. Run Time ....... 0:00:02
Invocations ....... 25
Skipped ........ 0
Success ........0
Update Time ........ Jan 6, 2020 10:30:00 AM

So no successes and 25 invocations? What are invocations and how can I fix this?

0 Karma
Reply
Solved! Jump to solution

matt1t
Explorer
‎01-05-2020 06:44 AM

On the dashboard I click edit, and then it has a plus sign which then loads a Add Indicators. I choose the indicator I created and then its added.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...