Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

web intelligence - problem with lookups and savedsearch

gjfrater
Explorer
‎08-26-2011 10:23 AM

We are trying to test the web intelligence app but have gotten stuck at the use 'savedsearch "Sourcenames Lookup"' to populate the saved search lookup part. Running the command in the UI search field does not generate any results in the /opt/splunk/etc/apps/webintelligence/lookups/sourcenames.csv file. Do these file permissions look right?:

 ls -l /opt/splunk/etc/apps/webintelligence/lookups/
 total 16  
 -rw-r--r-- 1 root root 1337 Feb  9  2011 httpstatus.csv 
 -rw------- 1 root root  111 Aug 26 09:49 sourcenames.csv
 -rw-r--r-- 1 root root   81 Jul  5 10:24 stopwords.csv  
 -rw------- 1 root root   20 Jul 26 16:38 userlistbyclientip.csv

Any suggestions on what I'm doing wrong?

Thanks,

-greg

0 Karma
Reply

gjfrater
Explorer
‎08-29-2011 09:23 AM

I was able to get the search to run with help from another post:

http://splunk-base.splunk.com/answers/29707/splunk-app-for-web-intelligence-missing-saved-search

Thanks,

-greg

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎08-26-2011 11:44 AM

Is Splunk running as root or as a non-root user? If the latter is the case, then no, Splunk won't be able to read sourcenames.csv. Run:

chmod 644 /opt/splunk/etc/apps/webintelligence/lookups/*
0 Karma
Reply

gjfrater
Explorer
‎08-29-2011 08:03 AM

Thanks for the reply. However, our Splunk instance is running as root. Any other suggestions?

0 Karma
Reply
Get Updates on the Splunk Community!