Identify a way to get the logs we need in the right format given the current implementation or...
Identify what needs to be done/changed/re-configured to support current reporting needs and enable simple triaging of operational applications.
Discussion items
Doug noticed a new format in the logs coming from 1.1. As a result, he found that all queries needed to be updated in order to meet the current metric reporting.
That's a bit of a beat down given that the hope was just to update sourcetypes and have everything just work.
This works for EDSC with some manual work.
The biggest concern for right now is triaging issues.
Applications are just providing text. Splunk has some logic/black magic that identifies events as such and formats them in certain ways.