I have transactions being logged to Splunk, but I get multiple messages per transaction.
We are in the middle tier and the 4 messages are as follows:
Point 1 - We receive a request from a requester with a unique identifier.
Point 2 - We send the request to a backend system
Point 3 - We receive a response from a backend system
Point 4 - We send the response to the requester.
Having all 4 points would indicate a successful transaction. If we don't get all 4 points, then it is a failed request. What I've got is the count of the points based on unique identifier, but I need a Total Count of transaction (total # of unique IDs), count of Success and count of failures.
Thanks in advance for your help.
... View more
I have one system which is the indexer, but there are multiple indexes (based upon projects)
Different projects have purchased licenses so I want to limit the indexes to various daily limits.
For example project A has purchased a 5Gig license and project B has purchased a 10Gig license.
I have project A data going to index X and project B data going to index Y.
Since both licenses are put into the auto_generated_pool_enterprise there is 15Gig volume allowed.
I want to limit project A (index X) to 5Gig per day and project B (index Y) to 10Gig per day.
If Project A (index X) gets more than 5Gig in a day, I don't want it to consume the other available license since that project didn't purchase it. I don't want to use a disk limit.
How can I limit the daily volume of a specific index?
... View more