I have a issue with getting the Windows log events inside the dashboard using the EventID 'Windows Event Logs Analysis' app.
Inside the app's 'Search' tab the data seems to be gathered by the thousands of entries, but when I view the dashboard of the app, nothing seems to be shown inside the actual summary dashboard.
When looking at the 'Computer' input it lists the machines that it also shows under the 'Search' tab, yet no data seems to come through, even when selecting these machines by hand.
Am I overlooking a setting that's required to show the data inside the dashboard(s)?
All monitors seem to be returning 'No results found', anyone that recognizes this?
When using the regular search function it is able to find many events, however they do not show up in any shape or form in the app's dashboard.
It also finds these events when using the search function inside the app and shows all hosts, sources and sourcetypes inside the data summary.
Am I supposed to select using these hosts or sources somewhere else in the settings aside from the actual dashboards filter options? those are filtered on showing all computers and exclude no event sources.
I've also tried changing the time range, enabling all event types and security events with no success.
Might it be that the app has no permissions to access the data?
And what could be this mapping issue you are talking about?
Apps themselves don't have "access to data". What regulates access or not are the roles of the user running a search, that may not have access to specific indexes.
Can you open of the panels in the dashboard, and extract the search that is underneath it and run it yourself?
If you can see the results, than the roles hypothesis gains momentum. Let me know