Solved: Why is my timeline created with django bindings no...

mshapirovp · ‎06-23-2014

I have the following django template defined:

{% extends "splunkdj:base_with_app_bar.html" %}    
{% load splunkmvc %}    
{% block title %}{{app_name}}: Test{% endblock title %}    
{% block css %}
    <!-- Style sheets are loaded here -->
    <link rel="stylesheet" type="text/css" href="{{STATIC_URL}}{{app_name}}/custom.css" />
    <link rel="stylesheet" type="text/css" href="{{STATIC_URL}}splunkjs/css/dashboard.css" />
    <style>
    </style>
{% endblock css %}

{% block content %}
    {% timerange id="timerange_range"
             earliest_time="$earlyval$"|token_safe
             latest_time="$lateval$"|token_safe
             preset="Last 7 days"
    %}
    {% timeline id="timeline_requests" managerid="search_exceptions" %}
    {% eventsviewer id="events_results" managerid="search_exceptions" count=5 %}
{% endblock content%}

{% block managers %}
    {% searchmanager
        id="search_exceptions"
        search='index=_internal'|token_safe
        earliest_time="$earlyval$"|token_safe
        latest_time="$lateval$"|token_safe
        preview=True
        cache=True
    %}

{% endblock managers %}

{% block js %}
{% endblock js %}

When I load the page I correctly see data in the event viewer, but I never see any data in the timeline. This is on Splunk 6.1.1.

Anyone have any clues as to why this template doesn't work?

mshapirovp · ‎06-27-2014

Turns out you have to set the search manager's status_buckets property to a non-zero value.

View solution in original post

mshapirovp · ‎06-27-2014

Turns out you have to set the search manager's status_buckets property to a non-zero value.

Why is my timeline created with django bindings not showing any data?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?