Hi,
I am new to Splunk, but after reading all the documentation, I am still not able to find a solution for my scenario.
I have a relatively big farm of IOT devices, around 100,000. And I have two sources of data:
An inventory of all the devices. This inventory changes daily as new devices are deployed and others are decommissioned.
A continuous flow of events coming from those IOT devices, with around 1,000,000 events per month.
Each device has a unique identifier that can be found both in the inventory and in the events.
What I want to produce is a set of reports that respond to these questions:
List of IOT devices in the inventory that have not produced any event in the last 30 days?
List of IOT devices that are producing events but are not listed in the inventory?
The first question will help me to identify broken devices. The second will help me to identify problems with the inventory.
How can I implement this with Splunk?
Thanks in advance,
Miguel
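One search that answers both questions in a single pass, added here as an example and not taken from the original post. It assumes the device events are indexed in an index named `iot` with the device identifier extracted into a field called `device_id`, and that the daily inventory is loaded into a CSV lookup named `device_inventory.csv` whose columns are `device_id` and `site`; all of those names are assumptions and should be replaced with the real index, field and lookup names. Every device is tagged as `silent` (in the inventory, no events in 30 days), `orphan` (sending events, not in the inventory) or `ok`, and the final filter keeps only the two problem classes:

```spl
index=iot earliest=-30d
| stats count AS event_count, max(_time) AS last_seen BY device_id
| eval in_events=1
| inputlookup append=true device_inventory.csv
| eval in_inventory=if(isnull(in_events), 1, 0)
| stats sum(in_events) AS in_events, sum(in_inventory) AS in_inventory,
        sum(event_count) AS event_count, max(last_seen) AS last_seen,
        values(site) AS site BY device_id
| fillnull value=0 in_events in_inventory event_count
| eval finding=case(in_inventory>0 AND in_events=0, "silent",
                    in_inventory=0 AND in_events>0, "orphan",
                    true(), "ok")
| where finding!="ok"
| eval last_seen=if(isnotnull(last_seen), strftime(last_seen, "%Y-%m-%d %H:%M:%S"), "no events in window")
| table device_id finding site event_count last_seen
| sort finding device_id
```

The events are first reduced to one row per device (`stats ... BY device_id`), then the inventory rows are appended with `inputlookup append=true` rather than `join`: `join` runs its right side as a subsearch, which is capped at 50,000 rows by default, below the 100,000 devices in this inventory, and a truncated inventory would silently mark real devices as orphans. Rows coming from the lookup have no `in_events` marker, which is how `in_inventory` is derived; the second `stats` then collapses each device to one row carrying both markers. Comparing the markers with `>0` keeps the logic correct if the inventory lists a device twice. To get two separate reports, save this search twice and end each copy with `| where finding="silent"` or `| where finding="orphan"`; to keep the lookup current, have a daily scheduled search over the inventory source end in `| outputlookup device_inventory.csv`, or upload the CSV daily. The `orphan` list is worth reviewing with the same care as the `silent` list: a device reporting in without an inventory record is either an inventory gap or a device nobody is tracking.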