I need to build a search for tracing logs cleared from /var/log/message/ or /var/log/secure/.
Hi himapate,
If you can get the Splunk Partner Kit, there is an example that answers your question.
To get it, you have to ask your Splunk Partner Manager or Splunk Technical Presale Engineers for it.
Bye.
Giuseppe