All Apps and Add-ons

Unable to Generate Pages

kmower
Communicator

I am getting 0 pages when I run generate sessions on Set up of the Web Analytics Add-On. Sessions generated just fine (by the looks of it). I have edited props.conf and eventtypes.conf as per jbjerke's reply to my previous question about ms:iis:auto here - https://answers.splunk.com/answers/727931/is-it-easy-to-ingest-advanced-iis-logs-into-the-sp.html

Just hoping someone - jbjerke ? - can help me out with generate pages for ms:iis:auto source type. Thanks.

0 Karma

jbjerke_splunk
Splunk Employee
Splunk Employee

Hi

New version of the app is now live which hopefully solve this issue.
https://splunkbase.splunk.com/app/2699

v 2.2.0
- Added an option to use a different data model name than "Web". This caused conflicts with the default CIM datamodel also called Web.
- Made changes to Sites setup dashboard to make it easier.
- Migrated website setup settings to the KV store.
- Added better support for IIS. Now supports ms:iis:auto and ms:iis:default sourcetypes which comes from the official IIS Add-on.
- Updated User agent string parsing to latest version
- Various bug fixes

0 Karma

jbjerke_splunk
Splunk Employee
Splunk Employee

Hi guys,

I'm almost finished with a new version that has better support for ms:iis:* sourcetypes and a feature where you can select your own datamodel name. This is configured in a macro provided with the app.

You can look at the source for this here:
https://github.com/johanbjerke/SplunkAppForWebAnalytics

This is the unpackaged version of the app so there are files in the local folders etc. Use at your own risk 🙂

johan

0 Karma

kmower
Communicator

Thanks for sticking with this Johan, I really appreciate it and I am sure that many other Splunkers with IIS logs will be very happy as well. I will give that new version a whirl ... is there anywhere you would like feedback from my testing of it? Thanks again.

0 Karma

kmower
Communicator

Hi Johan,

I ran that new version into my Test server, and I am still unable to generate pages. I can generate sessions. I can see your entries, such as WAYNE-Y13R4NAL1 etc. in the websites. However I am still hung up on being able to generate pages. Thanks.

0 Karma

jbjerke_splunk
Splunk Employee
Splunk Employee

Hi

Would it be possible for you to send me a few log lines? You can redact anything sensitive, I just need the format. My email is johan and Splunk.com.

johan

0 Karma

kmower
Communicator

Sure, whatever you want. Which log/log files would you like? Thanks.

0 Karma

kmower
Communicator

I have looked at the Generate Pages lookup and compared it with the props.conf I mentioned above. It seems to focus on http_request as the page view.

It seems that for [iis] and [ms:iis:auto] there is this entry in regard to FIELDALIAS-http_referrer. All I can see is this line:

FIELDALIAS-uri = cs_uri_stem AS http_request

Whereas [apache:access] has an Extract statement and also a FIELDALIAS-http_request:

FIELDALIAS-http_request = http_request AS uri

I am not an expert, but it seems to me that there needs to be a FIELDALIAS-http_request in the sourcetype in order to generate pages. Anyway, I may give that a go.

0 Karma

kmower
Communicator

Hmmm .... I just looked at the 'web' Data Model and there is no http_request in there either. I am stuck. I tried adding in FIELDALIAS-http_request = cs_uri_stem AS http_request for [ms:iis:auto] and no luck with that either for generating pages.

0 Karma

DavidHourani
Super Champion

Hi @kmower, what do you mean by generate pages, and what is the problem exactly with this http_request field, is it not showing or something ? I'm having a hard time understanding the question, too much information ^^

0 Karma

kmower
Communicator

It is the second step of setting up the Splunk App for Web Analytics - https://splunkbase.splunk.com/app/2699/#/details - after generating sessions.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...