All Apps and Add-ons

Splunk App for Web Analytics: Dashboards=No Results, "site" Field Not Being Created

patelpin
New Member

Hello,

Currently having trouble getting the Web Analytics to work correctly. Non of the dashboards get results. I have scoured this site for explanations and keep getting similar answers, site setup might be incorrect. Though for the life of me... it's not working.

Details:
Universal Forwarder installed on the remote server. Index is main.

Website Setup:
Site = TESTSITE Host = TESTSITE Source = E:\Logfiles\W3SVC1\u_ex* Available host and source combinations have green checks on all entries.

Tag=web search works fine, eventtype=pageview populates, file populates, just no site

#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken

2016-07-22 15:37:05 W3SVC1 TESTSITE 10.1.19.90 POST //default.aspx/SearchSalesParts - 80 DOMAIN\USER CLIENTIP HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko ASP.NET_SessionId=qd0aktxyhjml5e33l5jj2kf0 http://testsite/default.aspx testsite 200 0 0 499 584 78

host = testsite  http_method = POST  http_referer = http://testsiteurl/default.aspx  http_request = /default.aspx/SearchSalesParts http_user_agent = Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko  source = E:\Logfiles\W3SVC1\u_ex160722.log  sourcetype = iis

I have followed the steps correctly in the documentation, and I've uninstalled/reinstalled the app already still same results. Any help would be appreciated, if you need any more details just ask I can get those no problem.

0 Karma
1 Solution

jbjerke_splunk
Splunk Employee
Splunk Employee

Hi

Do a search in Splunk for tag=web

Identity what the "host" field and the "source" contains. Make sure that whatever you see there is exactly (case sensitive) typed into the site configuration. Try without wildcard first to see that it works with single source, and then try with the wildcard (*) to include all sources.

Let me know how you get along.

j

View solution in original post

0 Karma

dailv1808
Path Finder

Hello,
i have same problem. can you give me a solve? thanks

0 Karma

jbjerke_splunk
Splunk Employee
Splunk Employee

Hi

Do a search in Splunk for tag=web

Identity what the "host" field and the "source" contains. Make sure that whatever you see there is exactly (case sensitive) typed into the site configuration. Try without wildcard first to see that it works with single source, and then try with the wildcard (*) to include all sources.

Let me know how you get along.

j

0 Karma

patelpin
New Member

Hello jbjerke,

After running the search tag=web I compared the results below. I changed the website config to lowercase and I now got all red exclamation points. HOWEVER, the lookups are now working, data model accelerated and I am getting results for the dashboards! Is this okay to have red exclamation points even though everything says I should have green checkpoints?

search host - testsite
website host - TESTSITE

website source - E:\Logfiles\W3SVC1\u_ex*
search source - E:\Logfiles\W3SVC1\u_ex160728.log

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...