Hi
I know that you have been answered before something similarly, but..I need for my managemant set alert on splunk when indexed volume data are 10% higher than daily average.
We have a problems to detect which of ours sourcetypes, indexes or sources produce a high volume of data, so I need alert to notify me by email where is a problem.
thanks in advance
Nikola
↧