All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Windows - Error on Check Data

teak421
Path Finder
‎03-16-2020 02:50 PM

Hi... I've installed SAW and everything is proceeding fine until I get to the CHECK DATA part of the setup. What happens is that when it does search checks it returns invalid...or, no data within 24 hours. I copied the search that they used which is just sourcetype="Perfmon*" | head 5 and it does indeed return nothing. BUT, if I do index=oswinperf sourcetype="Perfmon*" | head 5 it works. So, how do I change the search setting inside of the configuration wizard so I can start using SAW? Thanks in advance for your help.

Reply

anmolpatel
Builder
‎03-16-2020 10:17 PM

@teak421 have you enabled the input?
Have you configured the indexes?
Are you sending the logs to the Indexer(s)?

Reply

teak421
Path Finder
‎03-16-2020 10:57 PM

The problem turned out that reading the documentation I did the recommended general indexes...those indexes were not the same as the indexes in the documentation for the SAWI app. Since I am new, I didn't catch that until I read further. I wish the documentation (which is quite good) was a little clearer on this.

Thanks for your reply...

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...