Analytics Center shows nothing even after the data was accelerated.

bkirk
Path Finder

So I have tried to load the sample data as well as some apache logs, yet when I go to the Analytics Center I don't get any results for the site/time period.

We have looked at the searches and it is looking for "Web.eventtype"=pageview; however, it seems that none of the eventtypes are there. Looking at the long search that creates the datamodel, it has a DIRECTIVES function that seems to lose the eventtypes: DIRECTIVES(REQUIRED_TAGS(tags="pci,proxy,web_watchlist" intersect="t")).

Are we doing something wrong? It seems like it should just work, but there is a lot that goes on behind the scenes to make this all happen and somewhere we seem to have a breakdown.

I have done all the following:

  1. Created a custom index for my apache logs
  2. Indexed the sample set of data I have for one day of apache logs
  3. Configured the website
  4. Generated the sessions
  5. Generated the pages
  6. Enabled acceleration

Note: we changed the sessions, pages, and datamodel to only search our index, weblogs_test, to avoid pulling in other data we don't want to search yet. We added the index because we have other logs in Splunk that also get the tag=web, so we don't want to include those yet (30 gigs a day) in the datamodel until we get it working with this test data.

Thank you,
Brian Kirk

0 Karma

bkirk
Path Finder

Removing the CIM app and changing some data models, we were able to get this to work. Doesn't seem practical if we need both CIM for other things and the Splunk App for Web Analytics.

Got it working but not really the answer I wanted.

0 Karma

bkirk
Path Finder

Has anyone else had Splunk CIM installed and not accelerated? It has a Web data model that seems to conflict with the Web data model in Splunk App for Web Analytics. To fix the issue we deleted the Splunk CIM app since we weren't using it on the search head the web analytics was installed on.

Thank you,
Brian Kirk

0 Karma
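
The conflict described in this thread (two apps on one search head each shipping a data model called Web) can be checked for before removing an app. The sketch below is an added example, not code from the thread or from either Splunk app; it assumes data models live as JSON files under each app's `default/data/models` or `local/data/models` directory with the file name as the model ID, and the app directory names in the sample tree are constructed placeholders.

```python
import json
import tempfile
from collections import defaultdict
from pathlib import Path


def find_datamodel_collisions(apps_dir):
    """Return {model_id: [app, ...]} for model IDs defined by more than one app."""
    owners = defaultdict(set)
    for app in Path(apps_dir).iterdir():
        if not app.is_dir():
            continue
        # An app may define a model in default/ and override it in local/;
        # the set keeps that from counting as a collision with itself.
        for layer in ("default", "local"):
            models_dir = app / layer / "data" / "models"
            if not models_dir.is_dir():
                continue
            for model_file in models_dir.glob("*.json"):
                # Assumption: the file stem is the data model ID.
                owners[model_file.stem].add(app.name)
    return {m: sorted(apps) for m, apps in owners.items() if len(apps) > 1}


def build_sample_tree(root):
    """Create a constructed etc/apps-style tree with one colliding model."""
    layout = {
        "cim_app_placeholder": ["Web", "Authentication"],
        "web_analytics_app_placeholder": ["Web"],
        "unrelated_app_placeholder": [],
    }
    for app, models in layout.items():
        models_dir = Path(root) / app / "default" / "data" / "models"
        models_dir.mkdir(parents=True)
        for name in models:
            (models_dir / f"{name}.json").write_text(json.dumps({"modelName": name}))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for model, apps in find_datamodel_collisions(sample_root).items():
            print(f"data model '{model}' is defined by: {', '.join(apps)}")
```

To run it against a real search head, pass the path of its `etc/apps` directory to `find_datamodel_collisions` instead of the sample tree.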