All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Windows - Error on Check Data

teak421
Path Finder
‎03-16-2020 02:50 PM

Hi... I've installed SAW and everything is proceeding fine until I get to the CHECK DATA part of the setup. What happens is that when it does search checks it returns invalid...or, no data within 24 hours. I copied the search that they used which is just sourcetype="Perfmon*" | head 5 and it does indeed return nothing. BUT, if I do index=oswinperf sourcetype="Perfmon*" | head 5 it works. So, how do I change the search setting inside of the configuration wizard so I can start using SAW? Thanks in advance for your help.

Reply

anmolpatel
Builder
‎03-16-2020 10:17 PM

@teak421 have you enabled the input?
Have you configured the indexes?
Are you sending the logs to the Indexer(s)?

Reply

teak421
Path Finder
‎03-16-2020 10:57 PM

The problem turned out that reading the documentation I did the recommended general indexes...those indexes were not the same as the indexes in the documentation for the SAWI app. Since I am new, I didn't catch that until I read further. I wish the documentation (which is quite good) was a little clearer on this.

Thanks for your reply...

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...