Training + Certification Discussions
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Has the sample data or the lab changed for Fundamentals 1?

Biggy
Explorer
‎06-19-2018 05:25 PM

The first time I noticed something might be different was during lab 5. There is a part of the lab that asks you to look at the source type and observe that the results from the query are coming from both the web_server and the web_application. This was not true, all the results came from the web_server. Now in lab 6 it asks me to run a query for index=main sourcetype=access_combined_wcookie action=purchase but no results are returned. I am sure that I will be able to get through the quiz but I am wondering if there is something that needs to be updated such as the data or the lab.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Biggy
Explorer
‎06-20-2018 01:19 PM

cbreshears,

The data was uploaded correctly. I honestly can't even imagine how an upload would be ingested incorrectly unless you edit the files that are provided by Splunk.

I figured out what was going on today... I noticed that each time a search is executed that the time is reset back to the 24 hour default. Everything appears to be returning results as intended now.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Biggy
Explorer
‎06-20-2018 01:19 PM

cbreshears,

The data was uploaded correctly. I honestly can't even imagine how an upload would be ingested incorrectly unless you edit the files that are provided by Splunk.

I figured out what was going on today... I noticed that each time a search is executed that the time is reset back to the 24 hour default. Everything appears to be returning results as intended now.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎06-30-2018 04:42 PM

@Biggy, you should click Accept to close the question.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎06-20-2018 03:45 PM

Yes, that would do it.

0 Karma
Reply
Solved! Jump to solution

cbreshears_splu
Splunk Employee
Splunk Employee
‎06-20-2018 11:35 AM

Biggy, it sounds like you might have ingested the data incorrectly. Please send an email to elearn@splunk.com and we will help you troubleshoot.

0 Karma
Reply
Solved! Jump to solution

DalJeanis
Legend
‎06-20-2018 11:21 AM

We've alerted that group to review and respond.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...