Hello,
I am very new to Splunk. I have got it up and running on a Linux Box and analyzing some IIS logs and everything works perfect.
But my question is I saved a search with a date range of March 1 to March 31. These logs have about 2 million hits or events. It takes a long time to build.
Is there not a way once the events are scanned not to re-scan them? Just that it takes like 15 minutes every time I open the search.
Thanks
Mike
... View more