Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Windows Log Events show up in Search > Data Summary, but not in the actual Dashboard.

helpdeskrtvnoor
New Member
‎03-15-2018 02:23 AM

Hello,

I have a issue with getting the Windows log events inside the dashboard using the EventID 'Windows Event Logs Analysis' app.
Inside the app's 'Search' tab the data seems to be gathered by the thousands of entries, but when I view the dashboard of the app, nothing seems to be shown inside the actual summary dashboard.

When looking at the 'Computer' input it lists the machines that it also shows under the 'Search' tab, yet no data seems to come through, even when selecting these machines by hand.

Am I overlooking a setting that's required to show the data inside the dashboard(s)?

All monitors seem to be returning 'No results found', anyone that recognizes this?

Thanks!

0 Karma
Reply

p_gurav
Champion
‎03-15-2018 09:42 PM

Can you use open in search on any panel n check for result? Might be mapping issue.

0 Karma
Reply

helpdeskrtvnoor
New Member
‎03-16-2018 01:07 AM

When using the regular search function it is able to find many events, however they do not show up in any shape or form in the app's dashboard.

It also finds these events when using the search function inside the app and shows all hosts, sources and sourcetypes inside the data summary.

Am I supposed to select using these hosts or sources somewhere else in the settings aside from the actual dashboards filter options? those are filtered on showing all computers and exclude no event sources.

I've also tried changing the time range, enabling all event types and security events with no success.

Might it be that the app has no permissions to access the data?
And what could be this mapping issue you are talking about?

Thanks.

0 Karma
Reply

tiagofbmm
Influencer
‎03-16-2018 02:06 AM

Apps themselves don't have "access to data". What regulates access or not are the roles of the user running a search, that may not have access to specific indexes.

Can you open of the panels in the dashboard, and extract the search that is underneath it and run it yourself?

If you can see the results, than the roles hypothesis gains momentum. Let me know

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...