Configuring alerts using Splunk as the datasource

Hi All,

I am a bit new to Grafana. I recently configured an alert using Splunk as the datasource. I am getting syslogs from Splunk in a panel inside a dashboard. The query seems to be working fine in the dashboard, filtering out the desired results, but when I am using it in the alert I don't think it's working. This is the query: index="xx_syslog*" source=xxl-1:/aws/ec2/linux/logs:FQDN/postfix/mail.log (status=bounced OR status=defer OR status=trace). I do get some alerts fired, but in the alert I get:

Labels
alertname DatasourceError
datasource_uid xx
grafana_folder xx
ref_id A
rulename xx
Annotations
Error [sse.readDataError] [A] got error: input data must be a wide series but got type long (input refid)