...uess the best choice for timestamp value is to fill it with "last update" field ? And then to override at search-time _time field in case we want to search by open date (or close date, etc.)
I have a bit of a non-traditional application, but one which Splunk is pretty good at 95% of:
There's a big file (call it bigReport.csv), updated daily by a business intelligence system and d...
I have an environment where a directory is used to 'stage' files waiting for an update. Essentially, a file is sent to a vendor and a local status file (of zero or more bytes) is placed in a 'p...
...roblem include an error in the Splunk Phantom web interface when applying a license key ("Failed to update license: status"), and "ConnectionError", "AttributeError: status", and "Http400: status" m...
Hi Team, I want to effectively monitor a system with 100+ URIs. So far, the approach was to monitor server errors by tracking 500 status codes or 5XX status codes (HTTP status codes along with URI gets p...
I'm trying to create a specific search/dashboard in Splunk Enterprise 7. We have hosts running Ubuntu 14.04 with the unattended-upgrades package installed and configured to run daily. When update...
Windows update installation logs from machines are forwarded every day to Splunk. In our Windows environment, some Windows update installations might fail and get logged as failed in the log, many g...
I have a summary index that is populated every 5 minutes from a report. The report shows when the last update was for each panel and the current status of each panel. The status will change from n...