Dear friends,
with my company besides investigating log-data we are getting ready to roll-out splunk for the Business Team in order to monitor the business. We got some tables which we would like to display as dashboard visualizations, e.g.
ID Name ID2 Name2 Date Volume
1 A1 11 B1 01.01.2019 30000
2 ...
We managed to monitor the csv-files with the upper table, search for relevant data and plot it for dashboard visualiztion.
Now comes the question: How can we update the plots correctly, after the monitored files have been updated?
The data is mainly static and will only be altered inline, eg.
ID Name ID2 Name2 Date Volume
1 A1 11 B1 01.01.2019 99999 (before: 30000)
2 ...
Is there a function which can easily do the job, or do we always have to clean the index an reload/re-index all the files?
We want to avoid the commands: splunk stop/splunk clean eventdata/splunk start
Best regards
Matthias
↧