Splunk's documentation theme seems to be "you need to have first done the thing before the documentation makes any sense", this approach is infuriating. Documents contain no images to keep you on track, no detailed explanation of what needs to be done, and too many references to external sources. I can't actually learn anything from a single page of Splunk documentation it is truly some of the worst writing I have ever encountered. I have read the docs you supplied that is why I am here. What I'm missing is, what do I do now? How do I test it? Do I have to install this on a forwarder vs the search head? How do I know it works, can I prove to my supervisor that this product has value?
... View more