Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for OSSEC Dashboard : No results found.

nickbijmoer
Path Finder
‎10-12-2016 04:05 AM

Hello guys,

A few days ago the default dashboard of OSSEC in splunk worked fine, but I had to clean up some space so I deleted some data logs and now when I open the default dashboard it says: No results found.
So I dont know why, but I dont get data anymore and I tought I didnt change anything...
Can some1 help me? If you have questions please ask 🙂

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

View solution in original post

Reply
Solved! Jump to solution
Solution

DEAD_BEEF
Builder
‎10-13-2016 08:21 AM

I'm not sure if there's an option to set all fields to default again. I honestly think the easiest thing will be to just manually check each field. They are case-sensitive, so I'd be sure to check them very carefully! Sounds like a field prob. got renamed so the query isn't working. Let me know how this comes along.

Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-14-2016 04:49 AM

They were just gone apparently, I added them again and now its working 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-14-2016 07:42 AM

Some of the fields themselves were gone? As in, no logs contained data for such a named field? That is really odd. How did you add it again to fix it? Just so others know as well in the future 🙂

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-16-2016 11:58 PM

Yeah I just manually extracted the fields again 🙂

0 Karma
Reply
Solved! Jump to solution

DEAD_BEEF
Builder
‎10-12-2016 07:52 AM

Have you checked the underlying query generating the dashboards to see if a field was renamed or now has no data/results?

0 Karma
Reply
Solved! Jump to solution

nickbijmoer
Path Finder
‎10-13-2016 12:26 AM

Yeah I checked it, It gives no data if I search with that query, but the data that he used before is still in SPLUNK so I might have a field that renamed indeed or something like that... Is there an option to set all fields to default again or reset all fields?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...