Thanks For Downloading!Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows: Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into Unix/Linux: Decompress the downloaded file using a tool like DescriptionThe Splunk App for Web Intelligence 1.0 Beta has come to a close. The response from the community has been incredible. Thank you for your interest and stay tuned for more information... If you'd like us to keep you posted about updates by email, register by clicking the button on the right. Note that eligible customers already using the app should contact Support with any questions. |
Looks like this has great potential.
We have a problem at our site where I am trying to aggregate logs from many servers, all doing different things. However, the app only distinguishes between "sites" based upon the "source" field, which is the location of the logfile. It would be great if you could configure it on a per "host" field value too.
Looks great and potentially very useful.
However, we are unable to get this to work with our Apache logs which are transmitted via syslog. It seems that the Splunk App for Web Intelligence expects the web logs to appear in the standard Apache HTTPD format. It does not support syslog-style inputs, because syslog adds a few extra fields at the beginning of each line.
That choice is unfortunate. Syslog is by far the most common ways to transmit log data. I don't see how this App could work at a datacenter which has more then one webserver. In a webserver cluster, the most common way to ship log data is via syslog. However since this app does not recognize web log data sent in the syslog format, it means it canot work with my webserver logs.
The only way to provide the log data in a format that this app will recognize is to to scp the http access logs to the Splunk server periodically, and you must do this from each webserver in your cluster. That is not a good solution.
You could still use syslog-ng or rsyslog to centralize web server logs from apache and just write it to a file and then get splunk to parse that consolidated file. its not that hard to keep the format in the combined format via syslog.
But isn't that the point of Splunk, to centralize log data and parse it?
Great content and potential. Very difficult to install and get configured properly. Even after spending several (More that 15) hours configuring and letting it run for 5 or more days and doing back fill for 2 days I an still getting flaky data/results. Do not use this on a system you have been using for some time. If you have an new installation and use the default IIS web log source type then you may get better results than I did. The potential is Hugh but in reality for me it did not deliver. The documentation is good but left out some critical key parts. I had to work with tech support to figure out. Not an easy install for an existing splunk system. hard to choose between 2 and 3 stars
Implemented this at a site today. This is a great app and the documentation is very clear.
Using this app, it is very easy to visualize (read: Brace yourself for extreme value) your web-log data whether from Apache or IIS. We have both in on this site, across many dozens of websites and it all looks great.
I look forward to seeing what else is included in the final release of this app.
