Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk app for Web Intelligence : missing saved search?

chrispayne
Engager
‎08-26-2011 07:50 AM

I installed the beta web intelligence app and I'm trying to load data and check it out. I've run the backfill scripts and I'm making headway... but I can't find the savedsearch "Sourcenames Lookup". Where should i find it? Can someone post it?

thanks

Reply
1 Solution
Solved! Jump to solution
Solution

Archana
Splunk Employee
Splunk Employee
‎08-27-2011 10:27 PM

The search is:

eventtype=web-traffic | stats count by source | eval sourcename=" " | inputlookup append=t sourcenames.csv | stats last(sourcename) as sourcename by source | outputlookup sourcenames.csv

Have you configured the log sources (analogous to splunk source field) for the app?

What does your eventtype "web-traffic" contain?

View solution in original post

Reply
Solved! Jump to solution
Solution

Archana
Splunk Employee
Splunk Employee
‎08-27-2011 10:27 PM

The search is:

eventtype=web-traffic | stats count by source | eval sourcename=" " | inputlookup append=t sourcenames.csv | stats last(sourcename) as sourcename by source | outputlookup sourcenames.csv

Have you configured the log sources (analogous to splunk source field) for the app?

What does your eventtype "web-traffic" contain?

Reply
Solved! Jump to solution

gjfrater
Engager
‎08-29-2011 09:21 AM

Thanks Archana.

Just to clarify for others, the search has to be run from inside the Web Intelligence App. The 'web-traffic' eventtype is not defined in the standard search app.

Reply
Solved! Jump to solution

gjfrater
Engager
‎08-26-2011 09:22 AM

Hi Chris,

As I understand the documentation, the savedsearch is run from the search window in the UI.

From http://docs.splunk.com/Documentation/WebIntel/latest/User/Definingsitesources:

First, run the saved search called
"Sourcenames Lookup" to populate the
lookup table. You can run this search
from the Search view:

| savedsearch "Sourcenames Lookup"

However, when I run it I get no results, not sure what the problem is...anyone have an idea why or what to try next?

Thanks,

-greg

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...