Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Receiving "Error in 'TsidxStats': WHERE clause is not an exact query" in Cisco Networks app

mvasquez21
Explorer
‎05-08-2019 07:04 AM

I recently upgraded my Cisco Networks App from 2.3.4 to 2.5.7 but now all the dashboards are getting this error in historical mode. Here is the query from one of the modules:
| tstats values(nodename) AS nodename count FROM datamodel=Cisco_IOS_Event WHERE Cisco_IOS_Event.product IN (IOS) Cisco_IOS_Event.index IN (*) BY host Cisco_IOS_Event.index | rename Cisco_IOS_Event.index AS index | search nodename=Cisco_IOS_Event | stats sum(count)

0 Karma
Reply

begleyj1
Path Finder
‎02-03-2020 04:50 PM

Some suggestions:

  • removing the Cisco_IOS_Event.index IN (*). Change this to Cisco_IOS_Event.index=*.
  • Remove the nodename the search clause and leave it in the tstats. If your dataset is defaulted to Cisco_IOS_Event, then just leave it as so in the tstats clause:

from datamodel=Cisco_IOS_Event.Cisco_IOS_Event ...

0 Karma
Reply

blebit
Path Finder
‎02-03-2020 04:27 AM

anything new ?

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...