Learning Splunk and plugging away at it.
I downloaded and installed the Splunk App for Nx Version: 5.2.2 on my Splunk server (CentOS7).
I accepted the default configuration, and the dashboard opens, only there is no data.
So I am assuming I need to add data inputs. Can anyone help me out and tell me exactly what data inputs I need to add, please?
Hi everyone, I have exhausted the guess and click on this.
I'm learning Splunk by following the book Operational Intelligence Cookbook Volume 2 and I have hit a wall.
The recipe I'm working on is supposed to chart an application's functional statistics. Here is the code in the book:
index=main sourcetype=log4j
| eval mem_used_MB=(mem_used/1024)/1024
| eval mem_total_MB=(mem_total/1024)/1024
| timechart span=1m values(mem_total_MB) AS Total_Mem_Avail_MB, count AS Total_Calls, avg(mem_used_MB) AS Avg_Mem_Used_MB, avg(response_time) AS Avg_Response_Time
This works fine except that Avg_Response_Time produces no values.
I changed the code somewhat to also use sourcetype="access_combined", and instead of AS Avg_Response_Time I changed it to just avg_response and added the round function.
index=main sourcetype=log4j OR sourcetype="access_combined"
| eval mem_used_MB=(mem_used/1024)/1024
| eval mem_total_MB=(mem_total/1024)/1024
| timechart span=1m values(mem_total_MB) AS Total_Mem_Avail_MB, count AS Total_Calls, avg(mem_used_MB) AS Avg_Mem_Used_MB, avg(avg_response) AS avg_response_time
Now the avg_response response times show up in the statistics output, but I'm wondering why the book's code did not work. Why did I have to add another sourcetype?
Should I have added a field "response_time" in the field extractor?
What am I missing?
Thanks for any help.