I have been toying around with the task of identifying servers on our network with abnormal connection times. We have a set threshold for normal connection times in our environment. However, I want to get ahead and create an alert based off this report that I will transition to a dashboard.
The issue I am having is that I am relatively new to Splunk and still finding my groove in detailed searches. I thought about using eval combined with timestart and timeendpos.
|eval Connection=timestart-timeend....
My question to you all is, how far off am I? Am I putting too much effort into skinning this cat? Does anyone have any recommendations?
Thanks in advance!