Many thanks I assume in the search string there are some values I need to input? I guess splunk_server = host name or IP or search head or indexer is index to be replaced with a specific value and how about myUniqueId does that need a specific value in there as well
... View more
Hi
My auditors are questioning and requiring that each event we log into Splunk has a unique identifier added by Splunk. I see where they are coming from, but cannot produce evidence of something I know intuitively to be true. Splunk must maintain an internal index of events to enable the searching to work so each recorded event must have a unique id from that. I just need to evidence it for the Auditors
... View more