Hello,
I have 3 base queries in my splunk dashboard. But when the dashboard loads, only 1 or 2 base queries run displaying the data and visualization. Request you to please help me on this. PFB the xml data:
<form> <label>All Errors</label> <description>Errors</description> <fieldset submitButton="false"> <input type="time" token="Time" searchWhenChanged="true"> <label>Time</label> <default> <earliest>-24h</earliest> <latest>now</latest> </default> </input> </fieldset> <search id="search_urls"> <query> index=abc sourcetype=abc cf_org_name=abc cf_space_name=PROD cf_app_name=* | rex field=_raw "POST\s|GET\s(?<URL>[a-zA-Z0-9\W].+)\?|\s\HTTP" | rex field=_raw "x_b3_traceid\:\"(?<TRACE_ID>[a-zA-Z0-9]+)\"" | rex field=_raw "(?<METHOD>POST|GET)" | rex field=_raw "HTTP\/1.1\"\s+(?<STATUS>\d\d\d)\s" | join TRACE_ID [search index=abc sourcetype=abc cf_org_name=abc cf_space_name=PROD cf_app_name=* cf_instance_index="*APP/PROC/WEB*" (severity!=INFO OR tag=error) | rex field=_raw "(?<ERROR_MESSAGE>com.tmobile[a-zA-Z0-9\W].+)$" | rex field=_raw "\,(?<TRACE_ID>[0-9a-zA-Z]+)\,"] </query> <earliest>$Time.earliest$</earliest> <latest>$Time.latest$</latest> </search> <search id="performance_urls"> <query> index=abc sourcetype=abc cf_org_name=abc cf_space_name=PROD cf_app_name=* | rex field=_raw "POST\s|GET\s(?<URL>[a-zA-Z0-9\W].+)\?|\s\HTTP" | rex field=_raw "x_b3_traceid\:\"(?<TRACE_ID>[a-zA-Z0-9]+)\"" | rex field=_raw "(?<METHOD>POST|GET)" | rex field=_raw "response_time\:(?<RESPONSE_TIME>[\d\.\d]+)" | rex field=_raw "HTTP\/1.1\"\s+(?<STATUS>\d\d\d)\s" </query> <earliest>$Time.earliest$</earliest> <latest>$Time.latest$</latest> </search> <search id="errors"> <query>index=abc sourcetype=abc cf_org_name=abc cf_instance_index="*APP/PROC/WEB*" cf_app_name=* | rex field=_raw "(?<ORA_ERROR>ORA\-.+)$" | rex field=_raw "(?<KAFKA_ERROR>org.apache.kafka[a-zA-Z0-9\W].+)$" | rex field=_raw "(?<ERROR_MESSAGE>com.tmobile[0-9a-zA-Z\W].+)$" | rex field=_raw "message\:\s+(?<errorMessage>[0-9a-zA-Z\W].+)$" </query> <earliest>$Time.earliest$</earliest> <latest>$Time.latest$</latest> </search> <row> <panel> <title>Timechart based on URLs (only 4xx/5xx)</title> <chart> <search base="search_urls"> <query> search STATUS>=400 AND URL!="/" | timechart span=1h count by URL usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Timechart based on URLs (only 4xx/5xx - Unique Trace IDs)</title> <chart> <search base="search_urls"> <query> search STATUS>=400 AND URL!="/" | dedup TRACE_ID | timechart span=1h count by URL usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Statistics based on URL, STATUS, METHOD, cf_app_name, ERROR_MESSAGE (Sorted by maximum counts)</title> <table> <search base="search_urls"> <query> search STATUS>=400 AND URL!="/" | stats count by URL, STATUS, METHOD, cf_app_name, ERROR_MESSAGE | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="percentagesRow">false</option> <option name="totalsRow">false</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Timechart based on URLs (including 2xx/3xx)</title> <chart> <search base="search_urls"> <query> | timechart span=1h count by URL useother=f usenull=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Timechart based on URLs (including 2xx/3xx - Unique Trace IDs)</title> <chart> <search base="search_urls"> <query> | dedup TRACE_ID | timechart span=1h count by URL useother=f usenull=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Statistics based on URL, STATUS, METHOD, cf_app_name, ERROR_MESSAGE (including 2xx/3xx)</title> <table> <search base="search_urls"> <query> | stats count by URL, STATUS, METHOD, cf_app_name, ERROR_MESSAGE | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="totalsRow">false</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Database Errors (Timechart)</title> <chart> <search base="errors"> <query> search tag=error | timechart span=1h count by ORA_ERROR usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> </chart> </panel> <panel> <title>Database Errors by cf_app_name, Error Message (sorted by maximum counts)</title> <table> <search base="errors"> <query> search tag=error | stats count by cf_app_name, ORA_ERROR | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Timechart of generic messages</title> <chart> <search base="errors"> <query> search errorMessage!="null" | timechart span=1h count by errorMessage useother=f usenull=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> </chart> </panel> <panel> <title>Statistics of generic messages based on cf_app_name</title> <table> <search base="errors"> <query> search errorMessage!="null" | stats count by cf_app_name, errorMessage | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Timechart of Kafka Errors</title> <chart> <search base="errors"> <query> search severity!=INFO OR tag=error | timechart span=1h count by KAFKA_ERROR usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Statistics of Kafka Errors based on cf_app_name</title> <table> <search base="errors"> <query> search severity!=INFO OR tag=error | stats count by cf_app_name, KAFKA_ERROR | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>RMQ Errors (Timechart)</title> <chart> <search base="errors"> <query> search ERROR_MESSAGE="*RMQ*" AND (severity!=INFO OR tag=error) | timechart span=1h count by ERROR_MESSAGE usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> </chart> </panel> <panel> <title>Statistics of RMQ Errors based on cf_app_name</title> <table> <search base="errors"> <query> search ERROR_MESSAGE="*RMQ*" AND (severity!=INFO OR tag=error) | stats count by cf_app_name, ERROR_MESSAGE | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="refresh.display">progressbar</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Deep Errors (Timechart)</title> <chart> <search base="errors"> <query> search ERROR_MESSAGE="*deep*" AND (severity!=INFO OR tag=error) | timechart span=1h count by ERROR_MESSAGE usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> </chart> </panel> <panel> <title>Statistics of Deep Errors based on cf_app_name</title> <table> <search base="errors"> <query> search ERROR_MESSAGE="*deep*" AND (severity!=INFO OR tag=error) | stats count by cf_app_name, ERROR_MESSAGE | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Performance of 4xx/5xx URLs - Response > 10 sec (Timechart)</title> <chart> <search base="performance_urls"> <query> search STATUS>=400 AND URL!="/" AND RESPONSE_TIME>10 | timechart span=1h count by URL usenull=f useother=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> <option name="refresh.display">progressbar</option> </chart> </panel> <panel> <title>Statistics of response time > 10 sec for 4xx/5xx URLs</title> <table> <search base="performance_urls"> <query> search STATUS>=400 AND URL!="/" AND RESPONSE_TIME>10 | stats count by URL, cf_app_name, STATUS, METHOD | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="wrap">false</option> </table> </panel> </row> <row> <panel> <title>Performance of URLs 2xx/3xx/4xx/5xx - Response > 10 sec (Timechart)</title> <chart> <search base="performance_urls"> <query> search URL!="/" AND RESPONSE_TIME>10 | timechart span=1h count by URL useother=f usenull=f</query> </search> <option name="charting.chart">line</option> <option name="charting.drilldown">none</option> <option name="charting.legend.placement">bottom</option> </chart> </panel> <panel> <title>Statistics of response time > 10 sec for 2xx/3xx/4xx/5xx URLs</title> <table> <search base="performance_urls"> <query> search URL!="/" AND RESPONSE_TIME>10 | stats count by URL, cf_app_name, STATUS, METHOD | sort - count | head 6</query> </search> <option name="drilldown">row</option> <option name="refresh.display">progressbar</option> <option name="wrap">false</option> </table> </panel> </row> </form>
... View more