Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are Dashboard Panels Stuck on "Waiting for data..." for Non-Admin Users?

nextpart
Explorer
‎08-30-2023 07:18 AM

I'm facing a rather peculiar issue with dashboards. When non-admin users, or users without the admin_all_objects capability, access the dashboard, all panels display "Waiting for data..." indefinitely. However, the strangest part is that if the user clicks on the search of a panel and is redirected to the search view, the results appear immediately.

Here's what I've tried so far:

  • Searched through community questions and issues, but found nothing that matches this issue exactly.
  • Experimented with different capabilities, but it seems only the admin_all_objects capability solves this issue.
  • Attempted to adjust the job limits similar to those set for admin users.

Assigning admin_all_objects capability to all users is not a viable solution for me due to security concerns.

Has anyone encountered this issue before? I'm running out of ideas and would appreciate any help or insights on this.

Note: Tested also on a local instance deployed via ansible-role-for-splunk to reproduce.

 

Thank you in advance for your time and assistance.

Labels (2)
Labels
Tags (2)
Reply

bowesmana
SplunkTrust
SplunkTrust
‎08-30-2023 04:40 PM

Is the dashboard search using tokens in the search?

0 Karma
Reply

nextpart
Explorer
‎09-04-2023 01:31 AM

Yes, it is. But I just tried the same with a dashboard that's not using any type of token in a base search or somewhere else, facing the same issue.

Tags (1)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎09-04-2023 03:24 PM

Ah... you mention base search.

I have seen an issue with post processing searches showing Waiting for data when a search re-runs but only the post process part has a changed criteria and the base does not - there is some additional token complexity in there too.

Is this relevant to your case?

The behaviour is similar in that opening the search in a new window works.

I currently have a workaround where I ensure the post process search forces use of a field that is not actually required, but it makes the search run.

I haven't tracked this down, but suspect it's a bug as I am generally admin when I see this.

0 Karma
Reply

nextpart
Explorer
‎09-05-2023 06:41 AM

Unfortunately, this is not relevant for this specific case, as it's not possible to run any simple search in the dashboards.

But when trying to run the same searches in a dashboard built with dashboard-studio I now immediately get an error message instead of infinite waiting for data:
"Search new_test_user_bmV3X3Rlc3RfdXNlcg__search__RMD5149cadac0aee6cd6_1693919913.13912 not found. The search may have been cancelled while there are still subscribers."

0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...