In our company, Splunk is owned by devops. I don't have the access to develop Splunk(like Splunk Dev). I can only use it and can't do or argue anything about Splunk settings! Many commands like 'eventstats' cannot be run due to space limit. For all that, we want to mine some useful data in log files(we cannot get the log files directly but can only get by Splunk, by the way). We want to find the potential bugs before the customers encountered them.
I tried to get the raw log events files by running the command which is simple but can get all events, after it finished, I clicked the "download" button. But some files are too big to download(10GB mostly)! So I want to find a way to run Splunk spider program to get the raw events. But I know this field of Splunk poorly. Have you tried this, or if you can think out another automated or half-automated solution ?
Thanks!
Hi partners! Is there anyone can give me some advice!