Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Key indicator question

matt1t
Explorer
‎01-04-2020 07:43 PM

I created a key indicator and when I click the preview button I get the results I want:alt text

However, when I add this to my dashboard it will not show the results, any idea why?

Here is what my dashboard shows.
alt text

Tags (2)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

matt1t
Explorer
‎01-06-2020 08:02 AM

I figured it out, however this makes no sense. Many examples on the key indicators start with search and then the actual search. Example would be "search index=some_index earliest=-3d@d blah blah blah". With the search in front my preview works, but the results are missing on the dashboard. If I take the search out of it, the preview no longer work, however its now working on my dashboard. I don't know what made me try that but I now have my dashboard working so I'm happy. Maybe someone can explain the difference?

Thanks,

-Matt

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

matt1t
Explorer
‎01-06-2020 08:02 AM

I figured it out, however this makes no sense. Many examples on the key indicators start with search and then the actual search. Example would be "search index=some_index earliest=-3d@d blah blah blah". With the search in front my preview works, but the results are missing on the dashboard. If I take the search out of it, the preview no longer work, however its now working on my dashboard. I don't know what made me try that but I now have my dashboard working so I'm happy. Maybe someone can explain the difference?

Thanks,

-Matt

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎01-05-2020 04:52 AM

@matt1t once the search query runs, how are you moving the panel to your dashboard? Are you using Save as Dashboard option or are you merging the search <query> manually? By any chance are you using Post-Processing in the dashboard?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

matt1t
Explorer
‎01-06-2020 07:46 AM

I wonder is this is the issue. So when I click on the preview, my search runs and I get the data I expect. If I'm within the Content Management section and look at the info for my key indicator I get the following stats:

Statistics
Avg. Event Count ..... 17.36
Avg. Result Count ..... 0
Avg. Run Time ....... 0:00:02
Invocations ....... 25
Skipped ........ 0
Success ........0
Update Time ........ Jan 6, 2020 10:30:00 AM

So no successes and 25 invocations? What are invocations and how can I fix this?

0 Karma
Reply
Solved! Jump to solution

matt1t
Explorer
‎01-05-2020 06:44 AM

On the dashboard I click edit, and then it has a plus sign which then loads a Add Indicators. I choose the indicator I created and then its added.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...