Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for OSSEC Dashboard : No results found.

nickbijmoer
Path Finder
‎10-12-2016 04:05 AM

Hello guys,

A few days ago the default dashboard of OSSEC in splunk worked fine, but I had to clean up some space so I deleted some data logs and now when I open the default dashboard it says: No results found.
So I dont know why, but I dont get data anymore and I tought I didnt change anything...
Can some1 help me? If you have questions please ask 🙂

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

View solution in original post

Reply
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-14-2016 04:49 AM

They were just gone apparently, I added them again and now its working 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-14-2016 07:42 AM

Some of the fields themselves were gone? As in, no logs contained data for such a named field? That is really odd. How did you add it again to fix it? Just so others know as well in the future 🙂

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-16-2016 11:58 PM

Yeah I just manually extracted the fields again 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-12-2016 07:52 AM

Have you checked the underlying query generating the dashboards to see if a field was renamed or now has no data/results?

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-13-2016 12:26 AM

Yeah I checked it, It gives no data if I search with that query, but the data that he used before is still in SPLUNK so I might have a field that renamed indeed or something like that... Is there an option to set all fields to default again or reset all fields?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...