Hello there,
In our company we've been using Splunk for a while now, but I think we use it not to its full potential.
Let me explain:
We just logged a string from our apps, then go to a web site Splunk…..:8000 and then do a search. We have a hard time understanding the way we should look for stuff, and we learned that if you put things like error or * we can see what is going on; sometimes we are really wild and we do some other strange searches.
We have that single Splunk web server and realized that no matter what application is sending the string to Splunk, we can't really differentiate what environment sent it in. I've been looking for a while and I've come up with domain=domain.com, but none of our sites came up, so I was wondering 2 things:
1 - Do we need to send the string to Splunk in a special way for this to work?
2 - I've read a little about indexers and I wonder if this is the way to go to differentiate different environments from sending data to a single Splunk web server, and if this is the way to go, how do I search for this particular data after it has been sent?
I'm having a hard time starting from scratch on this as I can't find a very easy tutorial that will help me get off the ground with Splunk.
ANY help will be highly appreciated!