Hi all,
I'm trying to ingest logs from BlueCoat Reporter and use them in Splunk using the Splunk App for BlueCoat.
I receive logs as files and I ingest them with no problems.
Logs are summarized using the tscollect search in the App; the only difference is that I run this search once a day at 00:00 and take the logs of the previous 24 hours, from 12:00 two days before to 12:00 one day before. I do this because sometimes the files contain logs older than the others.
My problem is that the summary search results are different from those of the corresponding search in the bcoat_logs index; in other words, it seems that the tscollect search fails.
Does anyone have any idea?
Thank you in advance.
Bye.
Giuseppe