So I have tried to load the sample data as well as some apache logs, yet when I go toe the Analytics Center I don't get any results for the site/time period.
We have looked at the searches and it is looking for "Web.eventtype"=pageview however it seems that non of the eventtypes are there. Looking at the long search that creates the datamodel it has a DIRECTIVES function that seems to lose the eventtypes: DIRECTIVES(REQUIRED_TAGS(tags="pci,proxy,web_watchlist" intersect="t")).
Are we doing something wrong, it seems like it should just work, but there is a lot that goes on behind the scenes to make this all happen and somewhere we seem to have a breakdown.
I have done all the following:
- Created a custom index for my apache logs
- Index the sample set of data I have for one day of apache logs
- Configured the website
- Generated the sessions
- Generated the pages
- Enabled acceleration
Note: we changed the sessions, pages, and datamodel to only search our index, weblogs_test to avoid pulling in other data we don't want to search yet. We added the index because we have other logs in splunk that also get the tag=web so we don't want to include those yet (30 gigs a day) in the datamodel until we get it working with this test data.
Thank you,
Brian Kirk
