All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Web Intelligence App - no data

rcovert
Path Finder
‎02-09-2012 10:24 AM

I just set this up yesterday and am very new at this. I am using a linux sserver and I am trying to analyze IIS logs for Jan 1 and 2, 2012. I followed the setup instructions and ran the backfill_all script, which took forever. When I run the real-time dashboard for the first five minutes of Jan 1, I see data, but if I run it any longer, there is no data. When I go to Manager -> Indexes, it is showing the summary indexes are empty and I am suspecting this is the problem. How do I get these summary indexes filled, or do I have a different problem?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rcovert
Path Finder
‎02-10-2012 06:11 AM

I decided to uninstall splunk and start over. After reinstalling it and re-importing my logs and running the backfill script, everything is working now.

View solution in original post

Reply
Solved! Jump to solution
Solution

rcovert
Path Finder
‎02-10-2012 06:11 AM

I decided to uninstall splunk and start over. After reinstalling it and re-importing my logs and running the backfill script, everything is working now.

Reply
Solved! Jump to solution

dennywebb
Path Finder
‎02-09-2012 03:00 PM

I've looked through the threads ChrisG posted as well and am still not finding answers that work.

I installed WI, Copied a series of windows IIS logs from my web server (this is the test environment), created an index and performed add data (all of which lives in the WI context) for the log file directory. All of these files have indexed into the index I created. I ran backfill_all.bat (after changing it to go back 2 years from today which matches up with my data) and have waited for it to run... none of the wi_summary* indexes are receiving any data... and as such our dashboard is not working.

Please help with next steps?

0 Karma
Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎02-09-2012 10:52 AM

The backfill_all.sh script should of taken care of this.

What settings did you use when you ran the setup? A screen shot would be great..

0 Karma
Reply
Solved! Jump to solution

Brian_Osburn
Builder
‎02-09-2012 11:03 AM

I wanted to see what options you had used while setting up the app. Re-reading your issue I see that you actually have data showing up, just nothing past the first 5 minutes.

Were there any issues around the backfill_all script running?

0 Karma
Reply
Solved! Jump to solution

rcovert
Path Finder
‎02-09-2012 10:55 AM

Before I ran the backfill_all.sh script, I changed the earliestTime and latestTime to match the Jan 1-3 timestamps. Then I just ran the script.

What would you like a screen shot of?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...