User is complaining that he is unable to see the results in Dashboard. It is saying "No results found".
Following is the search query.
index=main sourcetype=wms_oracle_sessions | bucket span=5m _time | stats count AS sessions by _time,warehouse,machine,program | stats sum(sessions) AS wsessions by _time,warehouse | timechart avg(wsessions) by warehouse
@pratapa ,
Make sure the user has access to the main
index and also look at the search filters
Have a look at https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Cantfinddata
I checked source type under settings --> Source types
Source type "wms_oracle_sessions" does not exist.
How does this effect. If it does not exist, how to proceed further.
@pratapa,
Have a look at this doc for a better understanding of sourcetype https://docs.splunk.com/Documentation/Splunk/8.0.1/Data/Whysourcetypesmatter
If the sourcetype does not exit indicates that either the data is not indexing or the source type extraction is not working and the events are indexed with another sourcetype. You might need to fix that.
Look for the events without specifying the sourcetype and adjust your search accordingly.
I tried without specifying the sourcetype, but still showing "No results found"