Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Windows Log Events show up in Search > Data Summary, but not in the actual Dashboard.

helpdeskrtvnoor
New Member
‎03-15-2018 02:23 AM

Hello,

I have a issue with getting the Windows log events inside the dashboard using the EventID 'Windows Event Logs Analysis' app.
Inside the app's 'Search' tab the data seems to be gathered by the thousands of entries, but when I view the dashboard of the app, nothing seems to be shown inside the actual summary dashboard.

When looking at the 'Computer' input it lists the machines that it also shows under the 'Search' tab, yet no data seems to come through, even when selecting these machines by hand.

Am I overlooking a setting that's required to show the data inside the dashboard(s)?

All monitors seem to be returning 'No results found', anyone that recognizes this?

Thanks!

0 Karma
Reply

p_gurav
Champion
‎03-15-2018 09:42 PM

Can you use open in search on any panel n check for result? Might be mapping issue.

0 Karma
Reply

helpdeskrtvnoor
New Member
‎03-16-2018 01:07 AM

When using the regular search function it is able to find many events, however they do not show up in any shape or form in the app's dashboard.

It also finds these events when using the search function inside the app and shows all hosts, sources and sourcetypes inside the data summary.

Am I supposed to select using these hosts or sources somewhere else in the settings aside from the actual dashboards filter options? those are filtered on showing all computers and exclude no event sources.

I've also tried changing the time range, enabling all event types and security events with no success.

Might it be that the app has no permissions to access the data?
And what could be this mapping issue you are talking about?

Thanks.

0 Karma
Reply

tiagofbmm
Influencer
‎03-16-2018 02:06 AM

Apps themselves don't have "access to data". What regulates access or not are the roles of the user running a search, that may not have access to specific indexes.

Can you open of the panels in the dashboard, and extract the search that is underneath it and run it yourself?

If you can see the results, than the roles hypothesis gains momentum. Let me know

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...