So we spot-checked a random time in Splunk for a sourcetype (made up of 2 hosts sending in data). The data was missing; running the report for just that date shows there was a window of approx 45m where no data came in.
This raises the obvious question: are there any other gaps I need to investigate and back load?
It generates approx 5 million events per day and I need to check the last 2 months' worth of logs. Is there an easy way of doing this without having to run each day individually?
sourcetype=mysourcetype | timechart span=30m count by host
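
An added example, not part of the original post: one search over the whole two-month window that lists each silent period per host. It buckets at 5 minutes rather than 30, because a 45-minute gap can straddle 30-minute buckets without leaving any of them empty; `index=*`, the 60-day range and the 30-minute threshold are assumptions to adjust.

```spl
| tstats count where index=* sourcetype=mysourcetype earliest=-60d@d latest=now by _time span=5m, host
| sort 0 host _time
| streamstats current=f window=1 last(_time) as prev_bucket by host
| eval gap_start = prev_bucket + 300
| eval gap_minutes = round((_time - gap_start) / 60)
| where gap_minutes >= 30
| eval gap_start = strftime(gap_start, "%Y-%m-%d %H:%M"), gap_end = strftime(_time, "%Y-%m-%d %H:%M")
| table host gap_start gap_end gap_minutes
```

`tstats` reads only indexed metadata, so this stays fast at about 5 million events per day. A host that is still silent at the end of the range has no later bucket to compare against and will not be listed.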