Hi,
I'm currently searching for a method that will help me alert on anomalies in historical event logs.
Let's say I've a log source that generates events. On day 1, between 09:30 - 10:00, it generates 105 events in total; on day 2, between 09:30 - 10:00, it generates 110 events, and so on and so forth...
I want to write a search which will run every 30 minutes and will find deviation (50% for example) from the average of the last 2 days for the same 30-minute period.
Example:
At 10:00, the search will look at the past 2 days' events (the value 2 can be variable) and calculate the average;
Yesterday, between 09:30 - 10:00: 105 events generated
The day before, between 09:30 - 10:00: 110 events generated
Average is: (105+110)/2 = 107.5
If (current event count for today's 09:30 - 10:00 period) > 160, it will generate an alert since the 50% deviation threshold is exceeded.
(Using version 6.2.1)
Any idea?
Thanks,
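One way to express this in SPL, as an added example and not a query from the original post: it bins everything since midnight two days ago into 30-minute slots, keeps only the slot that just completed, and compares today's count against the average of the same slot on the baseline days. `<your_index>` and `<your_sourcetype>` are placeholders, the `1.5` factor is the 50% deviation, and `earliest=-2d@d` is where the number of baseline days is set.

```spl
index=<your_index> sourcetype=<your_sourcetype> earliest=-2d@d latest=now
| bin _time span=30m
| stats count AS events BY _time
| eval slot=strftime(_time, "%H:%M")
| eval target=floor((now() - 1800) / 1800) * 1800
| eval target_slot=strftime(target, "%H:%M")
| where slot=target_slot
| eval is_today=if(_time >= relative_time(now(), "@d"), 1, 0)
| stats sum(eval(if(is_today=1, events, 0))) AS current,
        avg(eval(if(is_today=0, events, null()))) AS baseline,
        count(eval(if(is_today=0, events, null()))) AS baseline_days
| eval threshold=baseline * 1.5
| where baseline_days > 0 AND current > threshold
```

Schedule it on the cron `*/30 * * * *` with the alert condition "number of results is greater than 0"; a baseline day on which the slot had no events at all produces no row and is therefore left out of the average rather than counted as zero.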