Hi,
I have a config file collected across a bunch of hosts. I started off with indexing the file as a single entry. I am trying to use Splunk to monitor any difference in the content of a file from its previously indexed version. Now that I have the various versions of the same file, I need to use either the diff or | set diff command to obtain the difference in the content of the file for each host. I am unable to include group by host in the diff or | set diff queries to obtain the difference in contents of the file per host.
Any suggestions on how to implement this search will be appreciated.