All Apps and Add-ons

Event log count and Performange Snapshot not working

jalford
Engager

When I open Windows Management the System Management panel shows buttons for Events, Errors and Warnings. These are all prefixed with N/A but I presume this should be a value. If I click on these buttons I can see the events so it looks like the count is not working.

I am currently on Splunk 4.3.1 build 119532 and the Windows app is 4.5.1 but I think it has always been this way.

Performance Snapshot is also showing "No results found." and when I click on the inspect link it shows:

This search has completed, but did not match any events. The terms specified in the highlighted portion of the search:

search index="summary" source="performance_snapshot" | timechart avg(PercentProcessorTime) as "CPU",avg(PercentCommittedBytesInUse) as "Memory",avg(PercentDiskTime) as "Disk"

over the time range:

27/03/2012 07:51:19.000 – 27/03/2012 08:51:19.000

did not return any data. Possible solutions are to:

relax the primary search criteria
widen the time range of the search
check that the default search indexes for your account include the desired indexes

The following messages were returned by the search subsystem:

DEBUG: base lispy: [ AND index::summary source::performance_snapshot ]
DEBUG: search context: user="admin", app="windows", bs-pathname="C:\Program Files\Splunk\etc"

Learn more about troubleshooting empty search results at Splunk Documentation.

(SID: 1332834679.51)

0 Karma

araitz
Splunk Employee
Splunk Employee

There is a saved search called 'performance_snapshot' that is scheduled to run every 5 minutes and power the summary index that populates this dashboard.

If you go to Manager > Searches & Reports, is this saved search enabled?

If you click 'View Recent', do you see jobs that had more than 0 results returned?

If you click 'Run', do you get results in the popup window?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...