We have enabled data integrity control on the indexes. Is there a way that we can set up alerts if the integrity is compromised?
or a better/faster way to check the integrity rather than just running the command:
./splunk check-integrity -index [ index name ]
This may be helpful.