Description
I followed this blog post to the letter.
https://openobserve.ai/blog/how-to-setup-falco-on-kubernetes
I imported the dashboard from
https://raw.githubusercontent.com/openobserve/dashboards/refs/heads/main/falco_security/Kubernetes_security_dashboard.json
The data on the dashboard is empty.
After looking at the dashboard, I see that the queries are looking for body_output fields from the default stream.
Following the steps, there's nothing in the article that mentions needing to modify the queries in the dashboard or providing a function to the default stream to parse the body field in order to ensure it's translated to body_*.
I would like to know what parsing function you are using for the translation.
If the parsing function cannot be provided, can you update the dashboard to use the correct fields?