Dashboards & Visualizations

Sampledata.zip is loaded but cannot be seen in dashboard

cby
New Member

Hi

Using the tutorial and adding the Sampledata.zip file, Splunk states that it saved/indexed the data successfully. However, on searching on the dashboard page the data is not shown. I have successfully loaded real-time Linux data from the server running Splunk. I have also cleared the eventdata to ensure I start from a clean data set but still no show.

Any advice gratefully received. Thanks.

Regards
cby

0 Karma

cby
New Member

OK, sorted. If in doubt uninstall splunk and start all over again.

0 Karma

cby
New Member

I've investigated further and come to the conclusion that there must be a config somewhere that needs to be enabled to accept data. I have a simple web server log on the localhost. Once again I have gone through the simplest Add Data process and all is saved without errors. But when I go to search there is no data displayed in the dashboard. I'm obviously missing something.

Any pointers much appreciated.

0 Karma

cby
New Member

OK, thanks. Perhaps I should clarify what I'm trying to do...

Following exactly what the tutorial advises and loading the Sampledata.zip file, making the necessary changes under the "More settings" section (set host && regexp). I used the default index. It appears to "Save" without problems. But when I start searching the dashboard is blank. Without getting this part of the piece sorted I'm hard pushed to evaluate the product!

0 Karma

sophy
Splunk Employee
Splunk Employee

I probably misunderstood this question when I answered--sorry. I'm not sure what you mean about the sample index being enabled?

0 Karma

sophy
Splunk Employee
Splunk Employee

You can definitely upload the data into a different index, which you can specify under "More settings" from the "Add data" screen.

Just remember to include the index in your searches... for example,

index=tutorial sourcetype=access_* ...

cby
New Member

Hi

Thanks for the suggestion. Followed the tutorial and the summary dashboard page uses the default indexes. The sample index is enabled. Can I specify an index to use?

cby

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi cby

are you searching the correct index and time range?

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...