Hi All
I am trying to build some dashboards in Splunk and am having trouble trying to work out syslog export filters.
in our clearpass logs we see the following towards the end of the log file
[Th 7211 Req 27998756 SessId R001ff748-02-5b85f2a4] INFO RadiusServer.Radius - Request processing time = 435 ms
I want to be able to use the request processing time in Splunk and build a dashboard and some alerting around it where we can see trends and alerting if its too high.
So far I have not been able to determine what field the request processing time is stored in or what fields I need to examine to be able to determine the value.
I assume that as you can see the data under System Monitor-> Clearpass and in the Insight section that it must be stored somewhere just hoping that someone knows where.
Any assistance is appreciated.