Is there any way we can see the status of the endpoint, whether it's online or offline? It should be displayed as red when it's offline and should go green when it's online. How can we achieve this with uberAgent logs?
There is no heartbeat from Splunk to the endpoint. Or in other words, uberAgent can only send data to Splunk but there is no channel back to the agent.
But one could define an endpoint as not online when there is no data coming into Splunk anymore. That is what the dashboard Machine Uptime shows. The table at the bottom should give you the information you need to create a chart/dashboard with a kind of traffic-light visualization for online/offline.
Hope that helps
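A sketch of the "no data coming in means offline" definition from the answer above, added here as an example and not taken from the uberAgent dashboards. It assumes the data lands in an index named `uberagent` and that five minutes of silence counts as offline; adjust both to your deployment.

```spl
| metadata type=hosts index=uberagent
| eval offline_after_seconds = 300
| eval seconds_since_last_event = now() - recentTime
| eval status = if(seconds_since_last_event <= offline_after_seconds, "online", "offline")
| eval last_seen = strftime(recentTime, "%Y-%m-%d %H:%M:%S")
| rangemap field=seconds_since_last_event low=0-300 default=severe
| table host status last_seen seconds_since_last_event range
| sort - seconds_since_last_event
```

Run it over a time range well beyond the threshold (for example the last 7 days), because a host with no events inside the search window does not appear in the results at all. The `range` field (`low` or `severe`) can drive green/red colouring in the dashboard panel.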