All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk App for Windows - Error on Check Data

teak421
Path Finder
‎03-16-2020 02:50 PM

Hi... I've installed SAW and everything is proceeding fine until I get to the CHECK DATA part of the setup. What happens is that when it does search checks it returns invalid...or, no data within 24 hours. I copied the search that they used which is just sourcetype="Perfmon*" | head 5 and it does indeed return nothing. BUT, if I do index=oswinperf sourcetype="Perfmon*" | head 5 it works. So, how do I change the search setting inside of the configuration wizard so I can start using SAW? Thanks in advance for your help.

Reply

anmolpatel
Builder
‎03-16-2020 10:17 PM

@teak421 have you enabled the input?
Have you configured the indexes?
Are you sending the logs to the Indexer(s)?

Reply

teak421
Path Finder
‎03-16-2020 10:57 PM

The problem turned out that reading the documentation I did the recommended general indexes...those indexes were not the same as the indexes in the documentation for the SAWI app. Since I am new, I didn't catch that until I read further. I wish the documentation (which is quite good) was a little clearer on this.

Thanks for your reply...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...