I followed this blog post to the letter.
https://openobserve.ai/blog/how-to-setup-falco-on-kubernetes
I imported the dashboard from
https://raw.githubusercontent.com/openobserve/dashboards/refs/heads/main/falco_security/Kubernetes_security_dashboard.json
The data on the dashboard is empty.
After looking at the dashboard, I see that the queries are looking for body_output fields from the default stream.
Following the steps, there's nothing in the article that mentions needing to modify the queries in the dashboard or providing a function to the default stream to parse the body field in order to ensure it's translated to body_*.
https://github.com/openobserve/dashboards/blob/91893f34d82697b7b19c78ac8f3d3215cd26e1d7/falco_security/Kubernetes_security_dashboard.json#L174C38-L174C49
I would like to know what parsing function you are using for the translation.
If the parsing function cannot be provided, can you update the dashboard to use the correct fields?