We can set S.o.S on our UAT environment, but cannot set on production environment.
We want to analyze diag file getting from production environment to use S.o.S in UAT.
Can I do that ?
Can S.o.S allow us to analyze other environment diag file ?
The S.o.S app is not built to analyze data contained in diags, its searches are specifically targeted at live data in the Splunk internal indexes (_internal, _audit) and in its own index (sos).
If you have attended a partner shadowing program with Splunk Support, you can reach out to the Support engineers that you worked with and request a copy of the UnDiag app, which does precisely what you want.
Actually, I'm working for the business partner of Splunk. I got the diag file from the end user to troubleshoot the issue. So I hope S.o.S enable to analyze at non-live data. .
The S.o.S app is not built to analyze data contained in diags, its searches are specifically targeted at live data in the Splunk internal indexes (_internal, _audit) and in its own index (sos).
