Newbie here - Just evaluating Splunk.
I set up my source to watch a directory and my source type filtering by file name pattern. This is all great, it parsed out errors & messages nicely with no effort.
Now I want to take it a step further. When each file arrives and is closed (the discrete job finished), I want to evaluate things like run time (time between last & first time stamp in the log file) and record counts (a string pulled from a specific message in the log file). Then I want to create trending reports on these values on a daily/weekly/monthly basis.
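One way to express the per-job metrics described above in a Splunk search, added here as an illustration rather than anything from the original post (the index and sourcetype names, the `source` field standing in for one log file per job, and the "processed N records" message pattern are all assumptions to adapt to your own logs):

```spl
index=joblogs sourcetype=jobrun
    /* assumed: one log file per job, so the source field identifies the job */
| rex field=_raw "processed (?<record_count>\d+) records"
    /* assumed message format; pulls the record count out of that one event */
| stats min(_time) AS job_start max(_time) AS job_end max(record_count) AS records BY source
    /* run time = last timestamp minus first timestamp in the file, in seconds */
| eval runtime_sec = job_end - job_start
    /* re-anchor each job at its start so it can be bucketed by day/week/month */
| eval _time = job_start
| timechart span=1d avg(runtime_sec) AS avg_runtime_sec sum(records) AS total_records
```

Change `span=1d` to `span=1w` or `span=1mon` for the weekly and monthly views, and save the search as a report or schedule it so the trend is computed once the files are closed rather than at search time.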