We want to restrict certain user groups' possibility to search in Splunk based on a dynamic parameter.
For instance:
Merchant group A should have this search restriction: index=business-events merchantid=1
Merchant group B should have this search restriction: index=business-events merchantid=2
Could this be done using this search restriction: index=business-events merchantid={currentuser.merchantid}
Could this be done through a database lookup?
Basically I need to construct a search that compares last week's average count for "successful authorizations" with today's count and shows that in a chart.
I also need to measure the gap between these two values, and if the gap is larger than a set threshold then an Alert should be sent.
Can anybody help me please?