Quickstart

In this tutorial, you learn how to add web logs to Imply Lumi using the file upload feature, and how to view and query events.

To complete the steps, you use sample web traffic data from a fictional online store. For details about the dataset and its format, see the tutorial data overview.

The following diagram summarizes the end-to-end process of uploading a file to Lumi. Yellow shaded boxes represent steps taken within Lumi, and blue shaded boxes represent steps taken outside Lumi. Click any box in the diagram to jump to that step.

Prerequisites

Before you can get started with Lumi, you need the following:

• Access to the Lumi UI with the Data manager role or higher.
  Contact your Imply representative to set up your account.
• One of the following supported browsers:
  • Last three versions of Chrome, Firefox, Edge (Chromium version), Opera.
  • Firefox ESR.
  • Safari (desktop) 16 or above.

1. Download the sample file

The sample data file contains a few hundred lines of logs in an Lumi compliant CSV file.

Download the sample data file: site_visitors_quickstart.csv

See Example data for Lumi tutorials for a full description of the sample data.

2. Upload the file to Imply Lumi

To upload the file:

1. Select Integrations in the navigation menu.
2. Select File upload.
3. Click Select file and select the file you downloaded in the previous section.
4. Lumi loads a preview of the file:
5. Env and Team are system attributes. Enter quickstart in Env and quickstart-team in Team.
6. Source, Source type, and Index are user attributes. Entries in these fields are only used if they don't exist in the source event. They are already specified in the sample data, so leave these fields blank.
7. Click Upload.
8. In the dialog that reads "File upload successful," click Go to Explore.

3. View events

The default explore view displays all events in the uploaded file. The time range selector shows that the events cover the previous 7 days.

Add and rearrange some columns in the events list:

1. Click the Content column heading and select Add column to the left. Add user.
2. Click the Time column heading and select Add column to the right. Add uri.
3. Click the Uri column heading and select Add column to the right. Add host.
4. Click the Host column heading and select Add column to the right. Add method.
5. Click the Method column heading and select Move right.

4. Query events

Clear the search bar and enter the following queries one at a time to locate some specific events:

uri=/trending host=web-01
finds events with the specified uri and host.

user IN (sallyosborne,mialim,rocketsmith)
finds events for three specific users.

uri!=/register
returns events that don't include the specified uri.

(uri=/config AND user=shawkatherine) OR method=POST
locates events that contain the specified uri and user, or contain the specified method.

#status=notice
shows events where the system attribute status contains a code matching a particular status.

For details on supported syntax and search limitations, see Search events with Lumi.

Learn more

To build on this tutorial, follow How to search events with Splunk® to set up a federated provider and query Lumi events from Splunk.

See the following topics for more information:

• Tour Lumi for an introduction to the Lumi UI.
• File upload reference for more details on file upload.
• Event model for information on the components and attributes in Lumi events.