All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Windows - Error on Check Data

teak421
Path Finder
‎03-16-2020 02:50 PM

Hi... I've installed SAW and everything is proceeding fine until I get to the CHECK DATA part of the setup. What happens is that when it does search checks it returns invalid...or, no data within 24 hours. I copied the search that they used which is just sourcetype="Perfmon*" | head 5 and it does indeed return nothing. BUT, if I do index=oswinperf sourcetype="Perfmon*" | head 5 it works. So, how do I change the search setting inside of the configuration wizard so I can start using SAW? Thanks in advance for your help.

Reply

anmolpatel
Builder
‎03-16-2020 10:17 PM

@teak421 have you enabled the input?
Have you configured the indexes?
Are you sending the logs to the Indexer(s)?

Reply

teak421
Path Finder
‎03-16-2020 10:57 PM

The problem turned out that reading the documentation I did the recommended general indexes...those indexes were not the same as the indexes in the documentation for the SAWI app. Since I am new, I didn't catch that until I read further. I wish the documentation (which is quite good) was a little clearer on this.

Thanks for your reply...

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...