I installed the App and began the process of trying to configure. I had to leverage sourcetype renaming as my logs from multiple servers are going into a common index with a custom source type. After I did that, I could get data to appear with tag=web in the search and see data in the configure web sites page.
I configured the web sites of interest to hosts and source. Under website configuration check in the documentation, I see a bunch of red exclamation points next to hosts and source data that I don't care about.
Is there a way to filter this data out of the application? If so, how? If not, does everything have to have a green check mark before you can proceed?
Looking at step 3, Run Lookups. I click on the "Generate user sessions" and it pulls up a different page with a "Last 30 day" time period and 0 events. Says "No results found". I'm wondering if this is a result of my issue listed above or another problem.
I'm super excited to start using this App. I'm just pretty confused as I am new to Splunk. Any help would be much appreciated!
Thanks for the quick response J. We may be on to something with the eventtype. I see the eventtype field and it has 5 values, none of which are pageview, and all of them are 100% of the results. See below:
I also do not see a file field type listed under selected fields or interesting fields. I looked at the "more fields" list and didn't see it listed there. Any suggestions on why this is happening or how to resolve?