All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Analytics Center shows nothing even after the data was accelerated.

bkirk
Path Finder
‎08-01-2018 06:32 AM

So I have tried to load the sample data as well as some apache logs, yet when I go toe the Analytics Center I don't get any results for the site/time period.

We have looked at the searches and it is looking for "Web.eventtype"=pageview however it seems that non of the eventtypes are there. Looking at the long search that creates the datamodel it has a DIRECTIVES function that seems to lose the eventtypes: DIRECTIVES(REQUIRED_TAGS(tags="pci,proxy,web_watchlist" intersect="t")).

Are we doing something wrong, it seems like it should just work, but there is a lot that goes on behind the scenes to make this all happen and somewhere we seem to have a breakdown.

I have done all the following:

  1. Created a custom index for my apache logs
  2. Index the sample set of data I have for one day of apache logs
  3. Configured the website
  4. Generated the sessions
  5. Generated the pages
  6. Enabled acceleration

Note: we changed the sessions, pages, and datamodel to only search our index, weblogs_test to avoid pulling in other data we don't want to search yet. We added the index because we have other logs in splunk that also get the tag=web so we don't want to include those yet (30 gigs a day) in the datamodel until we get it working with this test data.

Thank you,
Brian Kirk

0 Karma
Reply

bkirk
Path Finder
‎08-09-2018 11:52 AM

Removing the CIM app and changing some data models we were able to get this to work. Doesn't seem practical if we need both CIM for other things and the splunk app for web analytics.

Got it working but not really the answer I wanted.

0 Karma
Reply

bkirk
Path Finder
‎08-06-2018 07:20 AM

Has anyone else had Splunk CIM installed and not accelerated? It has a Web data model that seems to conflict with the Web data model in Splunk App for Web Analytics. To fix the issue we deleted the Splunk CIM app since we weren't using it on the search head the web analytics was installed on.

Thank you,
Brian Kirk

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top