All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Web Analytics and Splunk Weblog Add-on: Why is no data returned from the lookups?

hoopydave
Path Finder
‎05-21-2015 11:09 AM

We installed these apps on our search head. We followed the instructions installing Splunk Weblog Add-on and it is enable, Sourcetype for our data is iis. The host and source don't show in the Available host and source combinations. I can manually search from the Splunk search app and see the data is there, but the Lookups come back with 0 records found.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hoopydave
Path Finder
‎05-26-2015 07:41 AM

As is tums out, the role we are in did not have the correct searching capabilities in Splunk. We needed to add All non-internal indexes to the Selected indexes in Access controls » Roles » [ROLE NAME]. We only had MAIN selected. Once we added that, we were able to see data.

View solution in original post

Reply
Solved! Jump to solution

fausap
Explorer
‎10-12-2017 08:30 AM

Hello,
I had some problems too.

I configured the app, with 3 months of data, and I also accelerated the dataset without any problem, but when I go to Analytics dashboard, I can see only the data for the current day.
The "generate user sessions" and "generate pages" lookups ran successfully displaying the entire period of 3 months.

Any idea about this odd behaviour ?

thanks,
Fausto

0 Karma
Reply
Solved! Jump to solution
Solution

hoopydave
Path Finder
‎05-26-2015 07:41 AM

As is tums out, the role we are in did not have the correct searching capabilities in Splunk. We needed to add All non-internal indexes to the Selected indexes in Access controls » Roles » [ROLE NAME]. We only had MAIN selected. Once we added that, we were able to see data.

Reply
Solved! Jump to solution

sinash
Explorer
‎01-21-2017 11:57 PM

Self-experience: Even if you're using the admin account, you have to add All non-internal indexes and All internal indexes to Indexes searched by default.

0 Karma
Reply
Solved! Jump to solution

jbjerke_splunk
Splunk Employee
Splunk Employee
‎05-21-2015 03:21 PM

Hi hoopydave

The search powering the panel in the Website configuration looks like this:

| tstats prestats=t count where index=* by host,source | stats count AS events by host, source | search host=*"*"* OR source=*"*"*

Make sure that the search returns something. If not, can you try and running the search:

tag=web

and see if that returns something.

Please note that Splunk app for Web Analytics will only work on Splunk version 6.2 and higher.

j

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...