Lookups not working; Fields with confusing Data

momoXD
Explorer

Hey everyone,
I've got a problem concerning the "Generate Pages" and "Generate Sessions" lookups. Neither of them creates any results.
When searching for '* tag=web eventtype="pageview" ' in the context of the app, there are several thousand log entries per minute available. So a lack of data is obviously not the reason for the problem. However, if one takes a closer look, one can see that several fields contain wrong fields (see the incomplete list below):

  1. user_agent field contains cookie data
  2. cookie field sometimes contains IP addresses

This leads to the impression that the "Splunk Web App for Analytics" can't deal with the log type we are using. To confirm that impression, we imported a small extract of the logs to a standalone instance, and all of a sudden it works.
So my impression is that some configuration on the "big productive" Splunk instance is interfering with the app. Is that possible?
I am guessing that the app's extractions and our custom build instruction somehow disrupt each other. Might that be, or is there a different setting that is likely to cause the problem?

As a reference I added one log entry below.

192.168.0.1 - - [04/Jul/2017:08:18:04 +0200] "GET /fakeTest/javax.faces.resource/richfaces.js.xhtml?_=1499178984898 HTTP/1.1" 200 24580 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" "JSESSIONID=LIATgPTq8jvzhbUZQqxhusWL.Xrs51_1; prodXrs=rd1o00000000000000000000ffff8b195a56o5100; [.. a lot more of Cookie Data];" "192.168.0.1" "-" "my.domain.com" "-" "https://my.domain.com/my/referrerpage/index.xhtml
0 Karma

woodcock
Esteemed Legend

Run these 2 commands on each system:

$SPLUNK_HOME/bin/splunk test sourcetype <path to your file here>
$SPLUNK_HOME/bin/splunk cmd btool props list <sourcetype> --debug

You will find your culprit.

0 Karma
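
The side-by-side comparison suggested in the answer above can be scripted once the `btool props list <sourcetype> --debug` output of both instances has been saved. This is an added example, not part of the original thread; the sample output, paths, app names, sourcetype and setting values are constructed, and paths are assumed to contain no spaces.

```python
import re

# Constructed samples of `splunk cmd btool props list <sourcetype> --debug`
# output; every path, app name, sourcetype and setting value is made up.
STANDALONE = """\
/opt/splunk/etc/apps/analytics_app/default/props.conf [access_custom]
/opt/splunk/etc/apps/analytics_app/default/props.conf REPORT-access = analytics-extractions
/opt/splunk/etc/system/default/props.conf             SHOULD_LINEMERGE = false
"""
PRODUCTION = """\
/opt/splunk/etc/apps/analytics_app/default/props.conf [access_custom]
/opt/splunk/etc/apps/company_web/local/props.conf     EXTRACT-useragent = (?<user_agent>Mozilla.*)
/opt/splunk/etc/apps/company_web/local/props.conf     REPORT-access = company-extractions
/opt/splunk/etc/system/default/props.conf             SHOULD_LINEMERGE = false
"""

# --debug prefixes each line with the .conf file that supplied it.
LINE = re.compile(r"^(\S+\.conf)\s+(.*\S)\s*$")


def parse_btool(text):
    """Map (stanza, setting) -> (value, conf file that won the merge)."""
    settings, stanza = {}, ""
    for raw in text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue
        source, rest = match.groups()
        if rest.startswith("[") and rest.endswith("]"):
            stanza = rest[1:-1]
        elif "=" in rest:
            key, value = (part.strip() for part in rest.split("=", 1))
            settings[(stanza, key)] = (value, source)
    return settings


def diff_settings(left, right):
    """List settings whose value or supplying file differs between instances."""
    keys = sorted(set(left) | set(right))
    return [(k, left.get(k), right.get(k)) for k in keys if left.get(k) != right.get(k)]


if __name__ == "__main__":
    for (stanza, key), a, b in diff_settings(parse_btool(STANDALONE), parse_btool(PRODUCTION)):
        print(f"[{stanza}] {key}\n  standalone: {a}\n  production: {b}")
```

Each reported entry names the `.conf` file that supplied the setting on each instance, so an extraction that exists only on one side, or that is overridden by a different app, stands out.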