Dear professionals,
I have found interesting to use Website Monitoring App. Installed App, connected it with new (created by myself) index but there were no data at App Dashboard. Looking at search string showed that there were unexisting index "web_ping". Athough I could find several logs through Splunk search engine.
The question is: am I doing everything the right way?
Thanks!
Did you define your own index? if so, you will need to add the index to your account's list of indexes to search by default. You can add it by using the Splunk Manager:
To test if that works, run a search for logs with sourcetype of "web_ping" (without specifying the index):
sourcetype=web_ping
You shouldn't need a custom index at all. I would recommend leaving it such that the data gets sent to the main index. The app looks for data that is sourcetyped "web_ping" regardless of the index.
Hi Luke,
if app installed at search head, data flow will be there in main index or custom index at search head level. If we add more than 100 websites, will it impact any performance ? Or can we install and maintain this app at indexer level ?
Luke, thanks!
Unfortunately I use free Splunk version, therefore I can't add index.
May I ask you write step-by-step App installation process on Splunk - best practice?