Training + Certification Discussions

Has the sample data or the lab changed for Fundamentals 1?

Biggy
Explorer

The first time I noticed something might be different was during lab 5. There is a part of the lab that asks you to look at the source type and observe that the results from the query are coming from both the web_server and the web_application. This was not true; all the results came from the web_server. Now in lab 6 it asks me to run a query for index=main sourcetype=access_combined_wcookie action=purchase but no results are returned. I am sure that I will be able to get through the quiz, but I am wondering if there is something that needs to be updated, such as the data or the lab.

0 Karma
1 Solution

Biggy
Explorer

cbreshears,

The data was uploaded correctly. I honestly can't even imagine how an upload would be ingested incorrectly unless you edit the files that are provided by Splunk.

I figured out what was going on today... I noticed that each time a search is executed, the time is reset back to the 24-hour default. Everything appears to be returning results as intended now.


0 Karma

woodcock
Esteemed Legend

@Biggy, you should click Accept to close the question.

0 Karma

DalJeanis
SplunkTrust

Yes, that would do it.

0 Karma

cbreshears_splu
Splunk Employee

Biggy, it sounds like you might have ingested the data incorrectly. Please send an email to elearn@splunk.com and we will help you troubleshoot.

0 Karma

DalJeanis
SplunkTrust

We've alerted that group to review and respond.

0 Karma