Archive
Highlighted

Splunk app for Web Intelligence : missing saved search?

Engager

I installed the beta web intelligence app and I'm trying to load data and check it out. I've run the backfill scripts and I'm making headway... but I can't find the savedsearch "Sourcenames Lookup". Where should i find it? Can someone post it?

thanks

Highlighted

Re: Splunk app for Web Intelligence : missing saved search?

Explorer

Hi Chris,

As I understand the documentation, the savedsearch is run from the search window in the UI.

From http://docs.splunk.com/Documentation/WebIntel/latest/User/Definingsitesources:

First, run the saved search called
"Sourcenames Lookup" to populate the
lookup table. You can run this search
from the Search view:

| savedsearch "Sourcenames Lookup"

However, when I run it I get no results, not sure what the problem is...anyone have an idea why or what to try next?

Thanks,

-greg

Highlighted

Re: Splunk app for Web Intelligence : missing saved search?

Splunk Employee
Splunk Employee

The search is:

eventtype=web-traffic | stats count by source | eval sourcename=" " | inputlookup append=t sourcenames.csv | stats last(sourcename) as sourcename by source | outputlookup sourcenames.csv

Have you configured the log sources (analogous to splunk source field) for the app?

What does your eventtype "web-traffic" contain?

View solution in original post

Highlighted

Re: Splunk app for Web Intelligence : missing saved search?

Explorer

Thanks Archana.

Just to clarify for others, the search has to be run from inside the Web Intelligence App. The 'web-traffic' eventtype is not defined in the standard search app.