We have the *NIX app working, and as an example, we have one system feeding netstat and open port data into it. We are feeding this data every hour. How can I send an alert if the reports each hour don't match? Basically, if a new port is opened, or an existing port is closed, we want to get an alert. Thanks for the help, as always! |
Try the diff command: http://docs.splunk.com/Documentation/Splunk/latest/Searchreference/Diff
Thank you for the answer! Now, I am trying to create an alert for this. Under normal conditions, I get the "Results are the Same" message. However, when there is a difference, for example, I get this:

    @@ -15,3 +15,4 @@
     udp 52480
     udp 20031
     udp 5353
    +udp 1514

I am trying to set up the alert so that obviously it only sends us an email when there is a difference. I tried using the custom condition in the alert to exclude the "Results are the Same" message, but it is not working. Any suggestions? Thanks again!

I think you can filter no-diffs out by adding one of the following to your search:
(07 Nov '11, 16:19)
araitz ♦♦
This worked perfectly. Thank you!
(09 Nov '11, 08:40)
aferone
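A search that fires on the change this thread is about, added here as an example and not code from the original answers. It assumes the *NIX app's openPorts events expose `transport` and `dest_port` fields (adjust to your extraction); rather than text-diffing two reports, it compares the set of listeners in the last two hourly buckets and returns only the ports that appeared or disappeared, so an alert triggered on "number of results > 0" needs no filtering of the "Results are the same" message.

```spl
sourcetype=openPorts earliest=-2h@h latest=@h `comment("added example; assumes the *NIX app openPorts fields transport and dest_port")`
| bin _time span=1h `comment("one bucket per hourly report")`
| eval listener=transport.":".dest_port
| stats dc(_time) AS hours_seen, min(_time) AS first_seen BY host, listener
| where hours_seen < 2 `comment("seen in only one of the two buckets, so its state changed")`
| eval change=if(first_seen >= relative_time(now(), "-1h@h"), "opened", "closed")
| eval reported=strftime(first_seen, "%Y-%m-%d %H:%M")
| table host, listener, change, reported
```

If a host misses a report entirely, every one of its listeners shows as "closed"; that is itself worth alerting on rather than suppressing.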
