You could do a few things, from my perspective. (Hope this hits some ideas
you like)
- Upgrade, never hurts :) as long as you read the release notes to make
sure nothing you're depending on.
- Add some filters to your existing queries to exclude unneeded data
- you can create filter

Folks,
I wanted to let you know, I have been working on a search command for
Splunk that allows me to use the Splunk GUI but query data in
Elasticsearch.
I just wanted to let you know it was out there as I never found anything
similar.
https://github.com/eperry/splunk-elasticsearch
Use