Hi,
I have a requirement for an event detection engine which is able to identify a string (e.g. username) in a particular data source and 'notify' other systems that the event has occurred.
I appreciate the inherent flexibility Splunk has by allowing Scripts to be used in conjunction with Alerts to achieve this, but I wanted to see if anyone is using Splunk within a large enterprise Production environment as an event detection engine (instead of just a data visualisation tool)?
Once the event has occurred, Splunk will need to 'notify' other systems by sending a JMS message to one system and updating a database table in another system. How suitable is the scripting capability in Splunk for run-time requirements like this?
Cheers,
James.