Sep 8, 2020, 11:00 PM – Sep 9, 2020, 2:00 AM (UTC)
Did you know that it is not uncommon for a Splunk search to exhaust system resources or hit a limit of some sort and silently "give up", returning partial results to you without any direct/obvious indication that such has happened? IT IS TRUE and you are not doing your job if you do not accommodate this fact somehow.
Do you know the difference between a search that is "done" and one that is "finalized"? Do you know where to look? Is there any way to make this distinction more obvious in real time? Learn how Splunxter has escalated the observability of this all-too-frequent sad reality and how you can, too. As a bonus, we will be building a Modular Alert on the fly using this blog: https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-create-a-modular-alert.html
Splunxter, Inc.
President
Splunxter, Inc.
President
September 8 – 9, 2020
11:00 PM – 2:00 AM (UTC)
| Soft Start |
| Hard Start |
| Free Time |
Contact Us
