I installed the App and began the process of trying to configure. I had to leverage sourcetype renaming as my logs from multiple servers are going into a common index with a custom source type. After I did that, I could get data to appear with `tag=web` in the search and see data in the configure web sites page.
I configured the web sites of interest to hosts and source. Under website configuration check in the documentation, I see a bunch of red exclamation points next to hosts and source data that I don't care about.
Is there a way to filter this data out of the application? If so, how? If not, does everything have to have a green check mark before you can proceed?
Looking at step 3, Run Lookups. I click on the "Generate user sessions" and it pulls up a different page with a "Last 30 day" time period and 0 events. Says "No results found". I'm wondering if this is a result of my issue listed above or another problem.
I'm super excited to start using this App. I'm just pretty confused as I am new to Splunk. Any help would be much appreciated!
-Pete
↧