×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
bhansen_bcbsm
Engager
Member since: ‎07-14-2017
‎09-21-2021
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-14-2017
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How can I identify missing log inputs on Splun...

by in Splunk Search
‎07-14-2017 10:35 AM
‎07-14-2017 10:35 AM
Hello, I've been working on using the above SPL to achieve a feed monitoring alert. I would like to point out a small but important error in logic in the above SPL. The code to create the lookup table references "time" which gives the current time during execution. Therefore, as you increase the time of the search the delta becomes the difference between the current time and the time of the event. What actually needs to happen is the comparison of Event Time and Ingest time which would give you the delta in event delivery. Line 3 in the lookup should be replaced with: | eval delta = _indextime - latest_time ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-21-2021 08:44 AM
Karma given to
View All