Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for OSSEC Dashboard : No results found.

nickbijmoer
Path Finder
‎10-12-2016 04:05 AM

Hello guys,

A few days ago the default dashboard of OSSEC in splunk worked fine, but I had to clean up some space so I deleted some data logs and now when I open the default dashboard it says: No results found.
So I dont know why, but I dont get data anymore and I tought I didnt change anything...
Can some1 help me? If you have questions please ask 🙂

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

View solution in original post

Reply
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-14-2016 04:49 AM

They were just gone apparently, I added them again and now its working 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-14-2016 07:42 AM

Some of the fields themselves were gone? As in, no logs contained data for such a named field? That is really odd. How did you add it again to fix it? Just so others know as well in the future 🙂

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-16-2016 11:58 PM

Yeah I just manually extracted the fields again 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-12-2016 07:52 AM

Have you checked the underlying query generating the dashboards to see if a field was renamed or now has no data/results?

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-13-2016 12:26 AM

Yeah I checked it, It gives no data if I search with that query, but the data that he used before is still in SPLUNK so I might have a field that renamed indeed or something like that... Is there an option to set all fields to default again or reset all fields?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...