I have transactions being logged to Splunk, but I get multiple messages per transaction. We are in the middle tier and the 4 messages are as follows: Point 1 - We receive a request from a requester with a unique identifier. Point 2 - We send the request to a backend system Point 3 - We receive a response from a backend system Point 4 - We send the response to the requester. Having all 4 points would indicate a successful transaction. If we don't get all 4 points, then it is a failed request. What I've got is the count of the points based on unique identifier, but I need a Total Count of transaction (total # of unique IDs), count of Success and count of failures. Thanks in advance for your help. ... View more

I have one system which is the indexer, but there are multiple indexes (based upon projects) Different projects have purchased licenses so I want to limit the indexes to various daily limits. For example project A has purchased a 5Gig license and project B has purchased a 10Gig license. I have project A data going to index X and project B data going to index Y. Since both licenses are put into the auto_generated_pool_enterprise there is 15Gig volume allowed. I want to limit project A (index X) to 5Gig per day and project B (index Y) to 10Gig per day. If Project A (index X) gets more than 5Gig in a day, I don't want it to consume the other available license since that project didn't purchase it. I don't want to use a disk limit. How can I limit the daily volume of a specific index? Thanks, ... View more