All Apps and Add-ons

Amazon Purchases Analysis for Splunk: Why do I have thesese ERROR and WARN messages? Where's my data?

lrod99
New Member

Hello experts,
I'm new to Splunk, I would really appreciate some help here..
This is what I have done, I installed Splunk Enterprise on Window 10, running the latest release of Splunk Version 7.0.1 Build 2b5b15c4ee89
1. Ensured the env variables are set for SPLUNK_HOME and SPLUNK_DB
2. There was no existing indexes.conf in the local directory so I copied and modified the indexes.conf from default and put in $SPLUNK_HOME/etc/system/local , The indexes were created and look fine.
3. next I download a .csv file from Amazon, this is called 01-Jan-2016_to_16-Dec-2017.csv
4. Then I uploaded the file in the GUI and set the sourecetype to amazon_purchases
-and the index to amazon_purchases.
I was able to see my upload data in Splunk core, but when I switched over to the add nothing is showing up.

Checked the Splunkd.log there are errors:
12-16-2017 10:54:42.598 -0800 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-winevtlog.exe"" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Microsoft-Windows-Sysmon/Operational'
12-16-2017 10:54:57.854 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.
12-16-2017 10:54:57.855 -0800 WARN LookupOperator - Using implicit filename=C:\Program Files\Splunk\etc\apps\amazon_purchases\lookups\zip_amazon.csv implicit lookups do not use transforms.conf-defined settings.
12-16-2017 10:54:57.881 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.

I'm not sure why it is referencing amazon.csv, that is not the name of my csv file, but I see this in a list after I upload, can't recall where, but I even tried renaming my .csv file and this of course did not work either.

Help! What am I doing wrong? It has to be something simple that I have missed.

Thanks in advance,

LIli

0 Karma

abhijeet01
Path Finder

Hi ifedak_splunk

Please find answer in the link below. May be this will help you.

https://answers.splunk.com/answers/549997/failed-to-find-event-log.html

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...