I am using the free version of Splunk and I just want to see the day's log files from all the servers I have in my remote event log collections. Is there a way to store the old ones per day as well?
I would like to start the logs from today and not from the day the servers were turned on.
If you plan to produce daily logs every day, then you end up indexing the whole event history. Then there is no need to do "day filtering"; instead, you can build views which show only today's events.