Hi guys, I have a set of data in the following format:

This is a manually exported list, and my requirements are as follows:

- Objective: I need to identify hosts that haven't connected to the server for a long time and track the daily changes in these numbers.
- Method: Since I need daily statistics, I must perform the import action daily. However, without any configuration changes, Splunk defaults to using "Last Communication" as "_time", which is not what I want. I need "_time" to reflect the date of the import. This way, I can track changes in the count of "Last " records within each day's imported data.

I can't use folder or file monitoring for this because it only adds new data, so my only options are to use oneshot or to perform the import via the Web interface. Is my approach correct? If not, what other methods could be used to handle this?

I could use splunk oneshot to upload the file to the Splunk indexer, but I couldn't adjust the date to the import day or a specific day. For example, I used the command:

    splunk add oneshot D:\upload.csv -index indexdemo

I want the job to run automatically, so I don't want to change any content in the file. How could I do this?