- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Companion App for the Packt Book Splunk Developers...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Companion App for the Packt Book Splunk Developers Guide: Why are we getting "The lookup table 'meh_products' is invalid" in each panel?
Going through the book, got to the part that describes creation of an event type (Location 782 Kindle version). Doing this requires data but, when following the app creation process in the book, there is no data yet to search on. This being the case, I downloaded version 1.1 of the app and installed it on my splunk instance (v 6.2.3 Build 64376), restarted splunk and provided the meh API key. After that, the dashboard appears, but I get the yellow "!" triangle in each lower right corner. Hover over it to reveal "The lookup table 'meh_products' is invalid" and there is no data in any of the panels. Also tried version 1.0 of the app - same result.
One of my colleagues pointed out there there is nothing configured for the sdgAPI data input. We tried adding the meh API URL+API_KEY with no other options to no avail and also tried (more settings) adding json_no_timestamp as the sourcetype and pointed it at the splunk_developers_guide index also to no avail.
Please advise.
Earl Sammons
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Creating Eventtypes doesn't require data. You can create them using both methods without data of any kind. To use them in a search will require data.
I fixed the indexes.conf in my copy, thanks!
==EDIT==
So it's a data ingestion issue. I neglected to add an API input in the App that pulls Meh Product Details. If you add this input to the app, the dashboards should all populate correctly.
[sdgAPI://meh_details]
api_url = https://www.kimonolabs.com/api/ondemand/b77941lk
interval = 60
sourcetype = meh_details
index = splunk_developers_guide
To be sure, I will add an Eventgen to this App to remedy this problem. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please accept the answer if it has ... well... answered your question 😄 Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the time in RIC yesterday. After lettign the changes we made settle for a day, more shows up than before but the Overview dashboard still has NA for both Total Revenue and Average Revenue per Item.
Info: Under Reports, forum_summary_gen yields no results, product_kv_gen (product_KV_gen) does not appear to be defined under Setting/Advanced/Search Macros so it fails. The quary for product_kv_gen found in the book yields no results for me
More Info: If you go to "Dashboards", neither of "Google Maps" nor "key_value_stores" have anything - Not sure if that is relevant.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, technically, you don't need data to create eventtypes. I was referring to following along in the book but will push that discussion to the appropriate forum.
Back to the app - I'm referring to all 4 dashboards. App out of the box - No event accumulation and no info on dashboards. After configuring the sdgAPI as described above, events are accumulating but nothing shows up on any dashboard panels (either "NA" or "No results found").
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hrm, ok. Find me on IRC (#splunk on efnet), we shall do a live dive into what's going on, then I'll post answer here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Additional info on above...
After passing the 5 minute mark (I set the sdgAPI data input to cycle on 5 minute interval) I the error ("The lookup table 'meh_products' is invalid") is gone and I now see events accumulating but there is still no data populating the panels. Noticed some timestamps int eh search results so switched sourcetype form json_no_timestamp to _jason and there apears to be no change.
Side note: Usung Linux for the splunk instance. The path to indexes in the app uses backslashes which, technically works on a linux box but likely doesn't produce the desired result - You end up with this:
ls -l /opt/splunk/var/lib
total 16
drwx------ 18 splunk splunk 4096 Jun 30 15:46 splunk
drwx------ 2 splunk splunk 4096 Jun 30 15:18 splunk\splunk_developers_guide\colddb
drwx------ 4 splunk splunk 4096 Jun 30 16:44 splunk\splunk_developers_guide\db
drwx------ 2 splunk splunk 4096 Jun 30 15:18 splunk\splunk_developers_guide\thaweddb
Earl Sammons
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
