Hey,
I'm a little bit confused about the best way to index database data.
1. The first way I found is building a Python script which queries the db and saves the
data in files, and then the indexing is just like regular logs.
But should I save the files directly to the Splunk server? In which format should the files be?
I'm not sure in which directory I should save the files, and if Splunk would save the data in the db directory like it does with the other data, so it will be saved twice on the server...
The second thing is the lookups. Should I use this option? What is it for exactly?
Thanks a lot!!