So I'm sorry if this is a rather stupid question, but I have been thrown into creating a dashboard and I've only taken a couple virtual courses on Splunk and I don't remember this being covered. I know how to create dashboards from searches, however I need to create a dashboard from something I'm pulling up through the incident review search, or if I group the events into an investigation create a dashboard from those results. Alternatively, is there a way to figure out exactly what the search string of the index review is using, as if there is I would know how to go from there, but I've tried doing searches through the indexes and sources I feel are most commonly used and I can't get the results I get in incident review.
... View more
Hello everyone, I'm new here and to Splunk in general. I have completed Fundamentals 1 and am now on the labs of Module 3 in Fundamentals 2. I am running into an issue with the drilldown editor in the edit dashboard page. The lab instructions say for me to click the 3 dots on the right of the screen (also known as the More actions button) but when I do the "More actions" bubble pops up and nothing appears, the more actions bubble then stays frozen on there until I leave the page or refresh it, see below. The other 3 buttons work fine. I am using Microsoft Edge and I tried Chrome but got the same result. Is there another way to access the Drilldown Editor? I can't progress in the course without actually completing the lab.
... View more