Feature: Relative window one time run submit option #6
Description
Was thinking to write something similar to this where I grabbed messages from graylog and forwarded them to splunk from X to Y timeframe. This plugin will enable you to do some realtime stuff by adding/removing it but is it possible to make a plugin that will do a date range and forward that as a one time gig then disable itself? That would add some good functionality, especially if I could grab logs further back in time.
Scenario: Oh crap, really odd behavior out of our app here but I can't get the visualizations and complex aggregation logic out of Graylog at the moment, need to forward the last 6 hours to Splunk to search on this data a bit.