I'm new to Splunk in general, and I was wondering is there was a way to highlight inconsistencies in the IDs of the returned events.
I've got a simple query : index="<field>" | sort -_time | dedup id which returns 6056 results, ranging from ID 31 to 14.236.
Obviously, there are gaps. I'd like to be able to get a clear vision of all the gaps, which could give me an answer to why there are so many.
Any help is greatly appreciated,
Thanks in advance !
... View more