Archive

web intelligence - problem with lookups and savedsearch

Explorer

We are trying to test the web intelligence app but have gotten stuck at the use 'savedsearch "Sourcenames Lookup"' to populate the saved search lookup part. Running the command in the UI search field does not generate any results in the /opt/splunk/etc/apps/webintelligence/lookups/sourcenames.csv file. Do these file permissions look right?:

 ls -l /opt/splunk/etc/apps/webintelligence/lookups/
 total 16  
 -rw-r--r-- 1 root root 1337 Feb  9  2011 httpstatus.csv 
 -rw------- 1 root root  111 Aug 26 09:49 sourcenames.csv
 -rw-r--r-- 1 root root   81 Jul  5 10:24 stopwords.csv  
 -rw------- 1 root root   20 Jul 26 16:38 userlistbyclientip.csv

Any suggestions on what I'm doing wrong?

Thanks,

-greg

0 Karma

Explorer

I was able to get the search to run with help from another post:

http://splunk-base.splunk.com/answers/29707/splunk-app-for-web-intelligence-missing-saved-search

Thanks,

-greg

0 Karma

Splunk Employee
Splunk Employee

Is Splunk running as root or as a non-root user? If the latter is the case, then no, Splunk won't be able to read sourcenames.csv. Run:

chmod 644 /opt/splunk/etc/apps/webintelligence/lookups/*
0 Karma

Explorer

Thanks for the reply. However, our Splunk instance is running as root. Any other suggestions?

0 Karma