As part of understanding our end user experience, I'd like to create a search that tells me whenever Splunk created a message that appeared as a banner message to end users. Is this possible?
One place to start would be this:
index=_internal source="*web_service.log" raise
You'll get events for exceptions being raised; usually that's equivalent to a red error message. Off the top of my instance I don't see blue info messages being logged, though.
Is there a definitive way to do this? Including "usually" as part of the answer isn't good enough.