I am evaluating the Retrospective product and one of the first things I have noticed, apart from being "a great bit of kit", is that the timestamp search function does not take into account the file modification date. It seems pointless to me to have to create separate profiles based on file dates before performing a search based on timestamps. Here is my use case:
- X number of hosts in profile1
X number of source files in profile1 based on filename filter
Each host specified "logrotates" specified source files, so the amount of source files returnable is indeterminate at profile creation.
When starting a "grep" search using timestamps, the function pointlessly searches in source files with a file modification date outside of the search parameters thereby increasing the processing time. It would be better to reduce the source files to be searched based on timestamps selected. Granted, the function must search in archive files for individual file dates so this has to be done at execution.
Now I haven't verified this behaviour 100% because I gave up watching Retrospective after 7 mins searching through 127 source files, but please confirm if my analysis is true. If it is, I would expect this to be improved before I purchase.