Using the tutorial and adding the Sampledata.zip file, Splunk states that it saved/indexed the data successfully. However, on searching on the dashboard page the data is not shown. I have successfully loaded real-time Linux data from the server running Splunk. I have also cleared the eventdata to ensure I start from a clean data set but still no show.
I've investigated further and come to the conclusion that there must be a config somewhere that needs to be enabled to accept data. I have a simple web server log on the localhost. Once again I have gone through the simplest Add Data process and all is saved without errors. But when I go to search there is no data displayed in the dashboard. I'm obviously missing something.
OK, thanks. Perhaps I should clarify what I'm trying to do...
Following exactly what the tutorial advises and loading the Sampledata.zip file, making the necessary changes under the "More settings" section (set host && regexp). I used the default index. It appears to "Save" without problems. But when I start searching the dashboard is blank. Without getting this part of the piece sorted I'm hard pushed to evaluate the product!
Thanks for the suggestion. Followed the tutorial and the summary dashboard page uses the default indexes. The sample index is enabled. Can I specify an index to use?
