Training + Certification Discussions
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Has the sample data or the lab changed for Fundamentals 1?

Biggy
Explorer
‎06-19-2018 05:25 PM

The first time I noticed something might be different was during lab 5. There is a part of the lab that asks you to look at the source type and observe that the results from the query are coming from both the web_server and the web_application. This was not true, all the results came from the web_server. Now in lab 6 it asks me to run a query for index=main sourcetype=access_combined_wcookie action=purchase but no results are returned. I am sure that I will be able to get through the quiz but I am wondering if there is something that needs to be updated such as the data or the lab.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Biggy
Explorer
‎06-20-2018 01:19 PM

cbreshears,

The data was uploaded correctly. I honestly can't even imagine how an upload would be ingested incorrectly unless you edit the files that are provided by Splunk.

I figured out what was going on today... I noticed that each time a search is executed that the time is reset back to the 24 hour default. Everything appears to be returning results as intended now.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Biggy
Explorer
‎06-20-2018 01:19 PM

cbreshears,

The data was uploaded correctly. I honestly can't even imagine how an upload would be ingested incorrectly unless you edit the files that are provided by Splunk.

I figured out what was going on today... I noticed that each time a search is executed that the time is reset back to the 24 hour default. Everything appears to be returning results as intended now.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-30-2018 04:42 PM

@Biggy, you should click Accept to close the question.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎06-20-2018 03:45 PM

Yes, that would do it.

0 Karma
Reply
Solved! Jump to solution

cbreshears_splu
Splunk Employee
Splunk Employee
‎06-20-2018 11:35 AM

Biggy, it sounds like you might have ingested the data incorrectly. Please send an email to elearn@splunk.com and we will help you troubleshoot.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎06-20-2018 11:21 AM

We've alerted that group to review and respond.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...