A working example of a script in Stream - Help me keep track of my goats
I am attempting to record which server logs are being collected, e.g. last seen, and I haven't found that capability yet. I am thinking I need something custom, maybe write to a file or a lookup. The Cribl documentation doesn't provide much in the way of specifics when it comes to implementing scripts, except an ominous warning. I am new to the product and any help is greatly appreciated.
Answers
The best approach for this has always been to use the downstream analytics tool to do the analysis of what hosts are sending. I have solved for something similar with Cribl, however, using Redis. That use case was to identify when devices stopped sending. It used Redis to set a key with the hostname and the TTL to a time you would like to be notified.
For your use case you could set keys equal to host names and update the last seen time as the value. Another option may be to use Cribl Lake and Search if you are a Cribl Cloud customer.
0
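The key-per-host pattern from the answer above, sketched as an added example (not part of the original answer and not Cribl's own code). Redis is replaced by an in-memory stand-in with the same SET-with-expiry and GET behaviour so it runs offline; the `host` and `_time` field names, the `lastseen:` key prefix, the 900-second TTL and the host names are assumptions.

```javascript
// In-memory stand-in for Redis SET key value EX seconds / GET key, so this runs offline.
class FakeRedis {
  constructor() { this.store = new Map(); }
  set(key, value, ttlSec, nowSec) {
    this.store.set(key, { value, expiresAt: nowSec + ttlSec });
  }
  get(key, nowSec) {
    const entry = this.store.get(key);
    if (!entry) return null;
    if (nowSec >= entry.expiresAt) { this.store.delete(key); return null; }
    return entry.value;
  }
}

const TTL_SEC = 900; // assumed threshold: flag a host after 15 minutes of silence
// Hypothetical key scheme; normalising case and whitespace avoids duplicate keys per host.
const keyFor = (host) => `lastseen:${String(host).trim().toLowerCase()}`;

// Per event: store the newest event time as the value and restart the TTL.
function recordEvent(redis, event, nowSec) {
  if (!event.host) return false; // no host field, nothing to track
  const prev = redis.get(keyFor(event.host), nowSec);
  // A late-arriving older event must not move "last seen" backwards.
  const lastSeen = prev === null ? event._time : Math.max(Number(prev), event._time);
  redis.set(keyFor(event.host), String(lastSeen), TTL_SEC, nowSec);
  return true;
}

// Periodic check: expected hosts whose key expired or was never written.
function silentHosts(redis, expectedHosts, nowSec) {
  return expectedHosts.filter((h) => redis.get(keyFor(h), nowSec) === null);
}

// Constructed sample data: [arrival time, event], times in epoch seconds.
function demo() {
  const redis = new FakeRedis();
  const inventory = ["web01", "db01", "fw01"];
  const arrivals = [
    [1000, { host: "web01", _time: 1000 }],
    [1010, { host: "DB01 ", _time: 1010 }],
    [1600, { host: "web01", _time: 1600 }],
    [1650, { host: "web01", _time: 1200 }], // delayed older event
    [1700, { _time: 1700 }],                // event without a host
  ];
  for (const [now, ev] of arrivals) recordEvent(redis, ev, now);
  const now = 2000;
  return { silent: silentHosts(redis, inventory, now), web01: redis.get(keyFor("web01"), now) };
}
console.log(demo());
```

An expired key alone cannot tell a host that went quiet from one that never sent, which is why the check runs against an expected inventory rather than against the keys that exist.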