Hi All,
My Dashboard panel which calls a report search is showing "Search did not return any events." When i click on the magnifying glass icon and run the search manually, it displays the results without any issues. Please advise what could be wrong in the XML form. I am ensuring to use <form> </form>
<form version="1.1">
<label>SLA Metrics</label>
<fieldset autoRun="true" submitButton="false">
<input type="time" token="field1">
<label></label>
<default>
<earliest>-24h@h</earliest>
<latest>now</latest>
</default>
</input>
</fieldset>
<row>
<panel>
<event>
<title>MTTA - Mean Time to Acknowledge</title>
<search ref="MHE - Mean Time to Acknowledge">
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="list.drilldown">none</option>
</event>
</panel>
</row>
</form>
I have referenced https://community.splunk.com/t5/Splunk-Search/Using-time-range-picker-does-not-work-in-dashboard-whe... and as far as i can tell, my xml code is in line with what is the solution in the post. Please assist.
Hmm, okay. That's weird.
To add the search query that is used in your report. Go to "Reports", Click on the Report Name and then choose "Add to dashboard". There you have the option add the report as an inline search.
Thanks for responding. No the report is not scheduled and thats the odd part. Screenshot below. In the Classic Dashboard, i don't see any option to enter the search query directly . It is mandatory to select an Input and then under inputs i end up selecting my Report.
Hmm, okay. That's weird.
To add the search query that is used in your report. Go to "Reports", Click on the Report Name and then choose "Add to dashboard". There you have the option add the report as an inline search.
