"The preview feature, is a good feature" this will be a good feature when you solve the problem that the user not get what he except. (better documentation, teaching video, or something)
I'm new to Splunk. Now it looks like what you get as a web GUI to configure is useless. I added /var/log/samba/audit.log so many times. In the preview I see that everything is fine, but when I want to search in this file I get 0 results.
After I ran the command: /splunk add monitor /var/log/ I was able to search in the log files. But /var/log/samba/audit.log was not in the list of files that can be searched. I had to move this file to /var/log/audit.log; only after this was I able to find something in this file.