Hi Splunkers,
we are not able to see any notable events from yesterday in ES app even though we have not made changes to the configurations.
I have checked the scheduler.log file and there is no information about the running of correlation rules from yesterday where as i can see next schedule run time in splunk console. And also i have checked the splunkd.log i couldn't find any trace.
Does anyone of you have faced the same situation? Can you please someone help us on this how to process further .
Thanks
Pench
... View more