
How to configure initial setup for the Splunk App for Web Analytics for my environment?

kevinc9048
Engager

I installed the App and began the process of trying to configure. I had to leverage sourcetype renaming as my logs from multiple servers are going into a common index with a custom source type. After I did that, I could get data to appear with tag=web in the search and see data in the configure web sites page.

I configured the web sites of interest to hosts and source. Under website configuration check in the documentation, I see a bunch of red exclamation points next to hosts and source data that I don't care about.

Is there a way to filter this data out of the application? If so, how? If not, does everything have to have a green check mark before you can proceed?

Looking at step 3, Run Lookups. I click on the "Generate user sessions" and it pulls up a different page with a "Last 30 day" time period and 0 events. Says "No results found". I'm wondering if this is a result of my issue listed above or another problem.

I'm super excited to start using this App. I'm just pretty confused as I am new to Splunk. Any help would be much appreciated!

-Pete

jbjerke_splunk
Splunk Employee

Hi Pete

When using sourcetype renaming, the website setup page will not show the green checkmarks, but it should work anyway, so don't worry about that.

When searching for tag=web, make sure that you are seeing eventtypes with eventtype=pageview. If not, the lookup search will not generate any events as it will filter out all events.

If you are not seeing any events with eventtype=pageview, can you check that the file field is extracted correctly from the events? If not, the eventtypes might not work properly.

The file field should have values similar to this:

image.jpg
index.php
...

Let me know how you get along.

j


kevinc9048
Engager

Thanks for the quick response J. We may be on to something with the eventtype. I see the eventtype field and it has 5 values, none of which are pageview, and all of them are 100% of the results. See below:

5 Values, 100% of events

Values                  Count     %
direct-referer          303,323   100%
non-pageview            303,323   100%
visitor-type-direct     303,323   100%
web-traffic             303,323   100%
web-traffic-external    303,323   100%

I also do not see a file field type listed under selected fields or interesting fields. I looked at the "more fields" list and didn't see it listed there. Any suggestions on why this is happening or how to resolve?

Thanks for your help!
