
Amazon Purchases Analysis for Splunk: Why do I have these ERROR and WARN messages? Where's my data?

New Member

Hello experts,
I'm new to Splunk, I would really appreciate some help here.
This is what I have done: I installed Splunk Enterprise on Windows 10, running the latest release of Splunk, Version 7.0.1 Build 2b5b15c4ee89.
1. Ensured the env variables are set for SPLUNKHOME and SPLUNKDB.
2. There was no existing indexes.conf in the local directory, so I copied and modified the indexes.conf from default and put it in $SPLUNKHOME/etc/system/local. The indexes were created and look fine.
3. Next I downloaded a .csv file from Amazon; this is called 01-Jan-2016.
4. Then I uploaded the file in the GUI and set the sourcetype to amazon and the index to amazonpurchases.
I was able to see my uploaded data in Splunk core, but when I switched over to the add nothing is showing up.

I checked the Splunkd.log and there are errors:
12-16-2017 10:54:42.598 -0800 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-winevtlog.exe"" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Microsoft-Windows-Sysmon/Operational'
12-16-2017 10:54:57.854 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.
12-16-2017 10:54:57.855 -0800 WARN LookupOperator - Using implicit filename=C:\Program Files\Splunk\etc\apps\amazonpurchases\lookups\zip_amazon.csv implicit lookups do not use transforms.conf-defined settings.
12-16-2017 10:54:57.881 -0800 WARN LookupOperator - Unable to find property=filename for lookup=zip_amazon.csv will attempt to use implicit filename.

I'm not sure why it is referencing amazon.csv, that is not the name of my csv file, but I see this in a list after I upload, can't recall where, but I even tried renaming my .csv file and this of course did not work either.

Help! What am I doing wrong? It has to be something simple that I have missed.

Thanks in advance,


0 Karma

Path Finder

Hi ifedak_splunk

Please find the answer in the link below. Maybe this will help you.

0 Karma