Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

dashboard show no results, need to change index to "symantec" ?

danielchung
New Member
‎05-30-2013 02:13 AM

I found there is no result shown on anyone of the dashboard. However, I searched sourcetype="sep12:log" and saw there are data coming in. I clicked "Inspect" and found the dashboard is actually searching index "symantec", so I search "index=symantec" and got nothing returned.

Do I need to change the index to "symantec" in data input to make it works? TA is installed on the Splunk server, and SEPM is configured to send syslog to Splunk server.

Tags (1)
0 Karma
Reply

o_calmels
Communicator
‎01-06-2015 01:16 AM

As jwalzerpitt said, you have to change the destination index in the app Set Up in the the manage section.

Olivier

0 Karma
Reply

danielchung
New Member
‎05-31-2013 12:45 AM

I'm using Splunk App for Symantec, I cannot modify the saved search or dashboard within this app.
The installation guide do not show anything about modifying index to make it works...so I'm curious if it's necessary or I've missed something.

0 Karma
Reply

jwalzerpitt
Influencer
‎12-17-2014 09:44 AM

You should be able to go to Manage Apps and select Set up and change the index to symantec. Make sure you're sending your Symantec logs to that index.

0 Karma
Reply

MHibbin
Influencer
‎05-30-2013 07:29 AM

think you've answered your own question. Unless, you want the data you've already indexed in which case, you need to modify the dashboards (or more likely the saved searches behind the dashboard), and make both the default and symantec indexes available to it.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...