Archive

Splunk app for Web Intelligence : missing saved search?

Engager

I installed the beta web intelligence app and I'm trying to load data and check it out. I've run the backfill scripts and I'm making headway... but I can't find the savedsearch "Sourcenames Lookup". Where should i find it? Can someone post it?

thanks

1 Solution

Splunk Employee
Splunk Employee

The search is:

eventtype=web-traffic | stats count by source | eval sourcename=" " | inputlookup append=t sourcenames.csv | stats last(sourcename) as sourcename by source | outputlookup sourcenames.csv

Have you configured the log sources (analogous to splunk source field) for the app?

What does your eventtype "web-traffic" contain?

View solution in original post

Splunk Employee
Splunk Employee

The search is:

eventtype=web-traffic | stats count by source | eval sourcename=" " | inputlookup append=t sourcenames.csv | stats last(sourcename) as sourcename by source | outputlookup sourcenames.csv

Have you configured the log sources (analogous to splunk source field) for the app?

What does your eventtype "web-traffic" contain?

View solution in original post

Explorer

Thanks Archana.

Just to clarify for others, the search has to be run from inside the Web Intelligence App. The 'web-traffic' eventtype is not defined in the standard search app.

Explorer

Hi Chris,

As I understand the documentation, the savedsearch is run from the search window in the UI.

From http://docs.splunk.com/Documentation/WebIntel/latest/User/Definingsitesources:

First, run the saved search called
"Sourcenames Lookup" to populate the
lookup table. You can run this search
from the Search view:

| savedsearch "Sourcenames Lookup"

However, when I run it I get no results, not sure what the problem is...anyone have an idea why or what to try next?

Thanks,

-greg

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!