Difference between monitor and fschange

[1] May I know what are the differences between using monitor or fschange?

[2] Is there a documentation about fschange? If there isn't, how do I make use of it?

asked 29 Apr '10, 17:25

Nicholas Key ♦♦
2.3k●1●3●20
accept rate: 16%

edited 29 Apr '10, 18:09

Leo ♦
1.1k●1●3●13

One Answer:

oldest newest most voted

[link text][1]Monitor is intended to be the input method for live log files that you continuously write data to. The fschange input method is intended to monitor a change in the filesystem. A basic example for each item:

use monitor for a web log file or java app log file
use fschange for a system file or configuration file

For more details you can read the documentation here:

http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories

http://www.splunk.com/base/Documentation/latest/Admin/Monitorchangestoyourfilesystem

link

answered 29 Apr '10, 17:34

Simeon ♦
4.2k●11●10●35
accept rate: 26%

Current Link: http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorchangestoyourfilesystem

Since those links currently fail for me

(25 Jan '12, 17:08) mikelanghorst

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

monitoring ×143
fschange ×82

Asked: 29 Apr '10, 17:25

Seen: 1,931 times

Last updated: 25 Jan '12, 17:08

Difference between monitor and fschange

Follow this question

Splunk Resources

Related questions