I am trying to use Web intelligence app on Splunk 5.x with a standard Apache logs (access_combined) that have all required fields.
In the setup screen, I can see the data indexed with sourcetype="access_c*".
After running backfill scripts, I don't see any data out of the reports/dashboards in the App.
Here are the checks I have done so far
- Make sure that the license is available
- I have edited events.conf to make sure the sourcetype is properly set
- looked in $SPLUNK_HOME/var/spool/splunk directory but did not see any files over there
- I see ERROR UserManager - Error while setting user context: Could not get info for non-existent user="nobody" in splunkd.log
- I checked the user has access to the indexes created by backfill scripts
- the general search is showing the events
Any tips or pointers on how to get the app working ?
-raghu
... View more