Splunk Search

Why won't Splunk's timeline show anything?

Explorer

I recently installed Splunk v. 4.2.5 (113966) on an Ubuntu server v. 11.10. While it is indexing info, the timeline doesn't work at all. Any idea what I'm doing wrong?

Tags (1)
0 Karma

Explorer

It could be that the timestamps are being interpreted incorrectly and that the time window you have set for your timeline doesn't match the range of time that Splunk thinks the events happened at. Try setting your timeline to be 'All time' and see if some data shows up. Alternately, try using Splunk 4.3, which has a nice preview workflow for seeing how Splunk will interpret your data before you add it.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!