I have installed (several times) the Splunk App for Unix (*nix) Version 6.0.1. I have changed the default index in the settings to use the index=main by editing the related search Macro. I have configured the SUFs 'downstream' to send data to the main index and I can see all the data arriving in the index as expected. Note this is installed on a Splunk dedicated single instance running version 8.1.3 (Enterprise On-Premises) In the settings section of the App, I can see the correct index is specified (main) and clicking on the various Preview button options returns valid data. See below for examples: Index Specification, and verify "Preview " selections: CPU data preview: DF Data Preview: Suffice it to say that all the other Preview buttons also return valid data. This would imply that the data is correctly configured and the applicaiton should be able to consume it. However, when I try and look at the dashboards of the app, they all remain free of any data, as can be seen from the screen captures below: I am kinda out of ideas. Anyone got anything? Cheers Chris
... View more