Hi all. I am very new to splunk so please be gentle here. 🙂 I have the following json payload being updated in our splunk index.
{
"status": "open",
"description": "some information here"
"severity": "unknown",
"ingestion_source": "source type here"
}
What I want to do is have a tile that is per ingestion_source that turns red if a new payload hasn't been received in the last 5 minutes. I know how to make the query, I am just struggling with how to make the dashboard do what I explained. Any help is much appreciated.
... View more