Thank you so much for your answer. After I posted, I started searching more and more online to see ways to do what we wanted to do, but pretty soon I realized that we are not sending the right data to Splunk to fully use it to its potential. First of all, we send just strings of text, not key/value pairs, so we can't filter down on available information that can be useful to us (more logging-type strings, "This happened" or "This didn't happen", instead). Also, we are sending everything to the same indexer, making it very difficult to have separation among environments, and everything is in one server, so searches are not optimized.
I started with the free tutorial videos from splunk.com/education, and while I still have a long way to go, I started understanding why we were not getting what we needed from Splunk.
I tried giving you points for your answer, but a message appeared telling me that if I award you points I won't be able to post any more questions, and no points were awarded, sorry!
In our company we've been using Splunk for a while now, but I think we use it not to its full potential.
Let me explain:
We just logged a string from our apps, then go to a web site Splunk…..:8000 and then do a search. We have a hard time understanding the way we should look for stuff, and we learned that if you put things like error or * we can see what is going on. Sometimes we are really wild and we do some other strange searches.
We have that single Splunk web server and realized that no matter what application is sending the string to Splunk, we can't really differentiate what environment sent it. I've been looking for a while and I've come up with domain=domain.com, but none of our sites came up, so I was wondering 2 things:
1 - Do we need to send the string to Splunk in a special way for this to work?
2 - I've read a little about indexers and I wonder if this is the way to go to differentiate different environments from sending data to a single Splunk web server, and if this is the way to go, how do I search for this particular data after it has been sent?
I'm having a hard time starting from scratch on this as I can't find a very easy tutorial that will help me get off the ground with Splunk.
ANY help will be highly appreciated!
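The posts above contrast bare strings ("This happened") with key/value pairs and ask whether events must be sent in a special way to be filterable by environment. The sketch below is an added example, not code from the thread or from Splunk: it formats one event as `key=value` pairs, the shape Splunk's automatic search-time field extraction recognizes, and neutralizes line breaks and quotes so a logged value cannot forge extra events or fields. The function names and the field names `env`, `app`, `level` and `msg` are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone

# Values made only of these characters can be written without quotes.
_SAFE = re.compile(r"^[A-Za-z0-9_.:/@+-]+$")
# Field names are reduced to letters, digits and underscores.
_BAD_KEY_CHARS = re.compile(r"[^A-Za-z0-9_]")


def kv_value(value):
    """Render one value so it stays a single field on a single line."""
    text = str(value)
    # Escape backslashes first so the folded line breaks below stay unambiguous.
    text = text.replace("\\", "\\\\")
    # Fold CR/LF: a raw newline in user data would otherwise start a forged event.
    text = text.replace("\r", "\\r").replace("\n", "\\n")
    # Swap inner double quotes for single quotes so the quoted value is not cut short.
    text = text.replace('"', "'")
    return text if _SAFE.match(text) else f'"{text}"'


def kv_event(message, *, env, app, level="INFO", ts=None, **fields):
    """Build one log line: ISO timestamp followed by key=value pairs."""
    ts = ts or datetime.now(timezone.utc)
    pairs = {"env": env, "app": app, "level": level, "msg": message, **fields}
    body = " ".join(
        f"{_BAD_KEY_CHARS.sub('_', key)}={kv_value(val)}" for key, val in pairs.items()
    )
    return f"{ts.isoformat(timespec='seconds')} {body}"


if __name__ == "__main__":
    # Constructed sample events (hypothetical app name and fields).
    print(kv_event("Payment failed", env="prod", app="checkout",
                   level="ERROR", order_id=1042))
    # A value carrying a line break and a fake field stays inside msg="...".
    print(kv_event("bad input\nenv=prod level=INFO", env="test", app="checkout"))
    # With events shaped like this, a search can filter on the fields,
    # for example:  env=prod level=ERROR app=checkout
```

Tagging every event with `env` at the source gives each search a field to filter on even while all environments still share one index.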