Hello,
I've created real-time alerts in Splunk Enterprise 7.1.2, and I want to log each triggered event to an index, so I can create a dashboard that shows alerts over time. The task seems pretty straightforward (create alert, add action, log event, etc.); however, I cannot get this to work. I'm trying to redirect this to my existing index.
This does not seem to be working, and I don't have access to the main index as per my company's policy. Please help me log this event to my custom index.
Looking forward to hearing from you.