My environment has over 1k hosts. I collect 4 different audit logs per host per day. We are talking about 1,460,000 different log files! I cannot simply put them back if that is what you are implying. I should be able to grab the log file, upload it to Splunk through the Add Data utility, and be done.
I know this method works because I have another setup (Dev Environment) that works exactly that way. What I am trying to figure out is why does it work on the Dev Environment but it won't work in my production environment?