Does Splunk have the ability to launch a saved search the moment a new data point is entered into the system?
My research would lead me to believe the answer is no, and that the best I could do is run a scheduled search every minute looking for the particular value I would be interested in and take action as necessary in the event it finds a new entry.