All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Web Analytics: How to resolve missing data?

jgauthier
Contributor
‎03-17-2017 12:24 PM

I've read several threads on this already, as well as have been over the documentation. I'm not sure what I've done incorrectly.

Quick summary:

Apache data is going into Splunk. Source type is apache:access. I added this to the [web-traffic] section in eventtypes.conf: 

[OR sourcetype="apache:access"]

The logs are going to the 'main' index, which my user has access to.
The lookups under "setup" do not return any data, nor does eventtype=web-traffic
However, tag=web does work in the app context.

"Data model audit" also does not return data. (and acceleration says 0)

What am I missing with this?

Thanks!

0 Karma
Reply

jbjerke_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 09:37 AM

Hi jgauthier

The apache:access sourcetype does not extract all the fields you require for this app out of the box. Make sure that all field extractions that are currently mapped to sourcetype access_combined are also mapped to apache:access. You can do this by making a copy of props.conf in the "default" folder into the "local" folder and edit the section with field extractions linked to "access"combined"/

Let me know how you get along.

johan

0 Karma
Reply

woodcock
Esteemed Legend
‎03-17-2017 01:33 PM

What "lookups under setup"? It will really help if you provide a more complete context and fuller framing of your problem including sample events and searches.

0 Karma
Reply

jgauthier
Contributor
‎03-17-2017 02:32 PM

Are you familiar with the application?

From the instructions:
Once the data has been imported run the two lookups "Generate user sessions" and "Generate pages".

They are the only two lookups under 'Setup' in the context of the application.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...