Getting Data In

Tag events coming from two sources as Potential and False

veerendra_modi
Loves-to-Learn

I have two sources of events, say source_1 and source_2.
Both events are coming to Splunk. I need to check the id and timestamp of the event, and
if the event comes from both sources at around the same time, I have to tag it as "Potential", otherwise "False".

The catch is, if I get the event at, say, 3pm from source_1, then my rule should check for the same event from 2:55 to 3:05 for sourcetype_2.
If found, tag it as "Potential", otherwise "False".

Please help with this.

0 Karma
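
The correlation rule described in the question, written out as an added Python example (not part of the original post, and not SPL) so the ±5 minute window logic can be checked offline. It assumes each event carries `id`, `source` and an epoch-seconds `_time`, treats the window bounds as inclusive, and tags only source_1 events; `tag_events` and the sample events are constructed for illustration.

```python
from bisect import bisect_left
from collections import defaultdict

WINDOW_SECONDS = 5 * 60  # 2:55 to 3:05 around a 3:00 event


def tag_events(events, primary="source_1", secondary="source_2",
               window=WINDOW_SECONDS):
    """Tag each primary-source event "Potential" if the secondary source
    reported the same id within +/- window seconds, otherwise "False"."""
    # Index the secondary source's timestamps per id, sorted for binary search.
    seen = defaultdict(list)
    for ev in events:
        if ev["source"] == secondary:
            seen[ev["id"]].append(ev["_time"])
    for times in seen.values():
        times.sort()

    tagged = []
    for ev in events:
        if ev["source"] != primary:
            continue
        times = seen.get(ev["id"], [])
        # First secondary timestamp >= t - window; it is a match only if it
        # is also <= t + window (bounds inclusive, an assumption).
        i = bisect_left(times, ev["_time"] - window)
        hit = i < len(times) and times[i] <= ev["_time"] + window
        tagged.append((ev, "Potential" if hit else "False"))
    return tagged


# Constructed sample events; T stands in for the "3pm" of the question.
T = 1_700_000_000
SAMPLE = [
    {"id": "A1", "source": "source_1", "_time": T},
    {"id": "A1", "source": "source_2", "_time": T - 290},  # 4m50s earlier
    {"id": "B2", "source": "source_1", "_time": T},
    {"id": "B2", "source": "source_2", "_time": T + 301},  # 1s outside window
    {"id": "C3", "source": "source_1", "_time": T},        # no counterpart
    {"id": "D4", "source": "source_1", "_time": T},
    {"id": "D4", "source": "source_2", "_time": T + 300},  # exactly on the edge
]


def sample_tags():
    return {ev["id"]: tag for ev, tag in tag_events(SAMPLE)}


if __name__ == "__main__":
    for ev_id, tag in sample_tags().items():
        print(ev_id, tag)
```
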