All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Duplicate entries website monitoring

afx
Contributor
‎01-22-2020 07:14 AM

Hi,
I am using the 2.9.0 version of Website Monitoring (this was also present in 2.8.0).
Thanks to a huge number inputs to be added, I modified the inputs.conf and restarted splunkd.
Now I see duplicate entries like the following:
alt text

Any ideas what is messed up? Of course there is only one entry in the local inouts.conf file.

EDIT: I also see old entries where I changed the name of the input, they still show up.

thx
afx

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jwiedow
Communicator
‎01-24-2020 04:47 PM

@afx Try changing your time selector in the dashboard to be for a shorter period of time than the last time you modified it. This is expected behavior due to the change in the stanza name and that the data has been indexed with the old stanza as the source. A raw search of the webping data will prove this out.

Based on your picture above, the duplicate row will disappear if you update your time selector to the last 15 minutes.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jwiedow
Communicator
‎01-24-2020 04:47 PM

@afx Try changing your time selector in the dashboard to be for a shorter period of time than the last time you modified it. This is expected behavior due to the change in the stanza name and that the data has been indexed with the old stanza as the source. A raw search of the webping data will prove this out.

Based on your picture above, the duplicate row will disappear if you update your time selector to the last 15 minutes.

0 Karma
Reply
Solved! Jump to solution

afx
Contributor
‎01-27-2020 12:25 AM

Yup, that was the reason.
I was wrongly thinking that the report is based on the definition not the log entries.
thx
afx

0 Karma
Reply
Solved! Jump to solution

nickhills
Ultra Champion
‎01-22-2020 07:27 AM

Is there any chance that entry has been mistakenly added in ./default/inputs.conf also?

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Solved! Jump to solution

afx
Contributor
‎01-22-2020 07:35 AM

Nope, default only has the user agent definition.

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...