- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Dashboards not working or have random gaps in ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dashboards not working or have random gaps in information
Since the upgrade to 6.0, including 6.0.1, the dashboards are more often not working than working for me.
In particular, the All Incidents dashboard seems to randomly stop being populated with data. For example, yesterday there's no information between 12pm and 6pm, and then today from 2am to 6am. I can confirm that there are incident type logs coming in the entire time, and that they are being parsed correctly. Data models are 100% and accelerated. During these gaps, the User Behavior dashboard also doesn't work.
As for other issues, the File Activity dashboard is always on "Waiting for data...", Endpoint and Firewall config is no results found, web activity is only loading Top Referrers and Methods over Time.
GlobalProtect, Firewall System and Real-Time seem to be working without an issue.
As stated before, the events are being tagged and parsed into the different event types fine. I'm just not sure where else to look.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i'm using 7.0 not 62
D.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mwarvi,
Can you check below answer in splunk if it helps you?
https://answers.splunk.com/answers/186429/splunk-62-upgrade-issue-users-can-no-longer-create.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay, one possibility is that your underlying searches are not being run, either because they are not set up correctly, or because they are taking too long and the next one gets skipped. Try something like this to test that...
index=_internal source=*metrics.log group=searchscheduler
| timechart partial=false span=10m sum(dispatched) sum(skipped)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
GlobalProtect, Firewall System and Real-Time are working but as the above poster said. But all other dashboards not.
This was a fresh install.
Darren
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
