All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure initial setup for the Splunk App for Web Analytics for my environment?

kevinc9048
Engager
‎12-09-2015 11:07 AM

I installed the App and began the process of trying to configure. I had to leverage sourcetype renaming as my logs from multiple servers are going into a common index with a custom source type. After I did that, I could get data to appear with tag=web in the search and see data in the configure web sites page.

I configured the web sites of interest to hosts and source. Under website configuration check in the documentation, I see a bunch of red exclamation points next to hosts and source data that I don't care about.

Is there a way to filter this data out of the application? If so, how? If not, does everything have to have a green check mark before you can proceed?

Looking at step 3, Run Lookups. I click on the "Generate user sessions" and it pulls up a different page with a "Last 30 day" time period and 0 events. Says "No results found". I'm wondering if this is a result of my issue listed above or another problem.

I'm super excited to start using this App. I'm just pretty confused as I am new to Splunk. Any help would be much appreciated!

-Pete

Reply

jbjerke_splunk
Splunk Employee
Splunk Employee
‎12-09-2015 02:35 PM

Hi Pete

When using sourcetype renaming the website setup page will not show the green checkmarks but it should work anyway so don't worry about that.

When searching for tag=web make sure that you are seeing eventtypes with eventtype=pageview . If not, the lookup search will not generate any events as it will filter out ell events.

If you are not seeing any events with eventtype=pageview can you check that the file field is extracted correctly from the events? If not the eventtypes might not work properly.

The file field should have values similar to this:

image.jpg
index.php
...

Let me know how you get along.

j

0 Karma
Reply

kevinc9048
Engager
‎12-10-2015 05:58 AM

Thanks for the quick response J. We may be on to something with the eventtype. I see the eventype field and it has 5 values none of which are pageview and all of them are 100% of the results. See below:

5 Values, 100% of events
Values Count %
direct-referer 303,323 100%
non-pageview 303,323 100%
visitor-type-direct 303,323 100%
web-traffic 303,323 100%
web-traffic-external 303,323 100%

I also do not see a file field type listed under selected fields or interesting fields. I looked at the "more fields" list and didn't see it listed there. Any suggestions on why this is happening or how to resolve?

Thanks for your help!

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...