All Apps and Add-ons

Amazon Purchases Analysis for Splunk: Why do I have thesese ERROR and WARN messages? Where's my data?

lrod99
New Member

Hello experts,
I'm new to Splunk, I would really appreciate some help here..
This is what I have done, I installed Splunk Enterprise on Window 10, running the latest release of Splunk Version 7.0.1 Build 2b5b15c4ee89
1. Ensured the env variables are set for SPLUNK_HOME and SPLUNK_DB
2. There was no existing indexes.conf in the local directory so I copied and modified the indexes.conf from default and put in $SPLUNK_HOME/etc/system/local , The indexes were created and look fine.
3. next I download a .csv file from Amazon, this is called 01-Jan-2016_to_16-Dec-2017.csv
4. Then I uploaded the file in the GUI and set the sourecetype to amazon_purchases
-and the index to amazon_purchases.
I was able to see my upload data in Splunk core, but when I switched over to the add nothing is showing up.

Checked the Splunkd.log there are errors:
12-16-2017 10:54:42.598 -0800 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-winevtlog.exe"" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Microsoft-Windows-Sysmon/Operational'
12-16-2017 10:54:57.854 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.
12-16-2017 10:54:57.855 -0800 WARN LookupOperator - Using implicit filename=C:\Program Files\Splunk\etc\apps\amazon_purchases\lookups\zip_amazon.csv implicit lookups do not use transforms.conf-defined settings.
12-16-2017 10:54:57.881 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.

I'm not sure why it is referencing amazon.csv, that is not the name of my csv file, but I see this in a list after I upload, can't recall where, but I even tried renaming my .csv file and this of course did not work either.

Help! What am I doing wrong? It has to be something simple that I have missed.

Thanks in advance,

LIli

0 Karma

abhijeet01
Path Finder

Hi ifedak_splunk

Please find answer in the link below. May be this will help you.

https://answers.splunk.com/answers/549997/failed-to-find-event-log.html

0 Karma
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...