Description

NOTE: the new 2.0 version of this app is now available as a 90 day trial from the Sideview website. We strongly recommend doing your trial with the 2.0 version which has many improvements over 1.2.7. Note that to try out 2.0 you will also have to get a 90 day trial version of Sideview Utils 2.0. Get the new 2.0 version from the Sideview site today.

This app will change how you search and report on access log data in Splunk. From a simple homepage you will quickly drill into your data and pivot from chart to chart, from drilldown to drilldown. As your analysis progresses and you pivot from axis to axis, the app builds up a list of searchterms from whatever chart elements and table rows you've clicked along the way.

This is a 90 day demo version and the license to use the app will expire 90 days from the date of upload. Modifications of the app are not permitted and the app will stop functioning when the license expires.

Versions and Release Notes
Version 1.2.7 (current version - updated Apr 24, 2012)
release notes:
> Added a note to the homepage that the much-improved 2.0 version of the app is now available from http://sideviewapps.com.
Version 1.2.6
(updated Jan 19, 2012)
release notes:
> updated trial expiration date.
> also fixed a bug where backslashes in field values
would lead to drilldown problems on the list view.
Version 1.2.5
(updated Nov 10, 2011)
release notes:
> Removed the simple usage- and version- tracking that the previous trial versions had.
Now the app will send no information to sideviewapps.com automatically.
> added some eventtypes to differentiate internal (i.e. non-routable) IPs
> added the endless scrolling functionality to the raw-event view.
> The app does now contain a required contact form, although we don't require that you
tell us anything useful.
Version 1.2.4
(updated Aug 19, 2011)
release notes:
Fixed a bug whereby the geolocation integration would only work for the admin user. Also changed the trial license expiration to 11/19/2011.
Version 1.2.2
(updated Jun 01, 2011)
release notes:
Updated the license expiration date. Changed the logo to match new Sideview
branding. Changed some copy in a couple places. That's it.
Version 1.2.1
(updated May 05, 2011)
release notes:
> Upping required version of Sideview Utils to pull in a bugfix around the
TimeRangePicker.
> Swapping order of fields in the list view to make it consistent with the
detail view again.
Version 1.2
(updated May 04, 2011)
release notes:
The main change is that the app now integrates with various other
geolocation apps. The user is now prompted to run the setup screen
if they have not already, and there they can enter the appropriate macro
for whatever geolocation functionality they have installed or have developed
locally.
In addition a couple small interaction bugs were fixed.
Last but not least, the app now makes use of the back-button support
offered by Sideview Utils 1.2 so you may have to update Sideview Utils
as well.
Version 1.1.2
(updated Apr 14, 2011)
release notes:
> updating the required version of sideview_utils, because the TextField module
prior to 1.0.5.6 is subject to a bug on 4.2 where the TextFields are filled
with two double-quote chars.
> Another nice effect of the update is that you get the new Pulldowns that have a
little green bar built in to show search progress.
> There are a few other little tweaks here and there.
Version 1.1.1
(updated Mar 30, 2011)
release notes:
Fixing a bug that was reported on 4.2, where it would complain about some eventtypes. Since the eventtypes are not even used I just commented them out for now. They'll be back. (They're for a new Pulldown that allows you to pick between internal vs external vs all clientips)
Version 1.1
(updated Mar 25, 2011)
release notes:
The app now supports pivoting across not just the 6 core variables, but *any* variable that may be present in your querystrings.
This means that any custom variables that you happen to use in the GET args of your web application automatically get their own list and detail views in the app, and you can pivot to and from such views whenever you like.
Version 1.0.1
(updated Mar 22, 2011)
release notes:
> the "raw events" links on homepage and detail views incorrectly searched for 'sourcetype=winsshd' instead of `access_events`
Version 1.0
(updated Mar 21, 2011)
release notes:
Replacing the empty stub version with the actual demo app.
Version 0.1
(updated Mar 21, 2011)
This looks like what I need to analyse the cloud based product download logs I have. Would you expect, me being a complete newb to Splunk, it to be particularly challenging to set up Splunk specifically for this app?
I'll give it a try and send my feedback if you want it.
Once you get Splunk set up and your access data indexed, the app doesn't really need any setup at all beyond just installing it and restarting the server. If you download one of the geolocation apps you can run the guided setup screen to integrate with the geolocation functionality but that's about it. Now, whether you'll find any of my views confusing is another story entirely. =) Email me though nick@sideviewapps.com and I'd be happy to respond to any questions you've got.
