All Apps and Add-ons

Web Intelligence App - no data

rcovert
Path Finder

I just set this up yesterday and am very new at this. I am using a linux sserver and I am trying to analyze IIS logs for Jan 1 and 2, 2012. I followed the setup instructions and ran the backfill_all script, which took forever. When I run the real-time dashboard for the first five minutes of Jan 1, I see data, but if I run it any longer, there is no data. When I go to Manager -> Indexes, it is showing the summary indexes are empty and I am suspecting this is the problem. How do I get these summary indexes filled, or do I have a different problem?

Tags (1)
0 Karma
1 Solution

rcovert
Path Finder

I decided to uninstall splunk and start over. After reinstalling it and re-importing my logs and running the backfill script, everything is working now.

View solution in original post

rcovert
Path Finder

I decided to uninstall splunk and start over. After reinstalling it and re-importing my logs and running the backfill script, everything is working now.

dennywebb
Path Finder

I've looked through the threads ChrisG posted as well and am still not finding answers that work.

I installed WI, Copied a series of windows IIS logs from my web server (this is the test environment), created an index and performed add data (all of which lives in the WI context) for the log file directory. All of these files have indexed into the index I created. I ran backfill_all.bat (after changing it to go back 2 years from today which matches up with my data) and have waited for it to run... none of the wi_summary* indexes are receiving any data... and as such our dashboard is not working.

Please help with next steps?

0 Karma

Brian_Osburn
Builder

The backfill_all.sh script should of taken care of this.

What settings did you use when you ran the setup? A screen shot would be great..

0 Karma

Brian_Osburn
Builder

I wanted to see what options you had used while setting up the app. Re-reading your issue I see that you actually have data showing up, just nothing past the first 5 minutes.

Were there any issues around the backfill_all script running?

0 Karma

rcovert
Path Finder

Before I ran the backfill_all.sh script, I changed the earliestTime and latestTime to match the Jan 1-3 timestamps. Then I just ran the script.

What would you like a screen shot of?

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...