Scan directory for occurance of file and alert

I am trying to find a solution for the following problem using splunk.

What needs to happen:

A cron job runs every few minutes to fire of a search/scan for a core dump(The file will only be present if a fatal error has occured).
If the file is found an alert will be issed to needed people and applications(Using an alert)

Is there a way to do this? I've tried using source="C:\foo\bar\log\log\*" earliest=-2M@M as noted here in this question link, but with no luck. Is this easily possible?

asked 01 Feb '12, 10:45

phil998
41●3
accept rate: 0%

edited 01 Feb '12, 11:00

Does that cron job write to a log that Splunk can read?

(01 Feb '12, 11:07) Brian Osburn

One Answer:

oldest newest most voted

Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.

link

answered 01 Feb '12, 11:39

dwaddle ♦
15.6k●2●9●24
accept rate: 33%

I was trying to call a python or perl script from the alert to create tickets/alerts in a few other systems. I will look into fschange as noted below. Thank you.

(01 Feb '12, 12:57) phil998

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

alert ×130
file ×45
on ×25
occurance ×4
found ×3

Asked: 01 Feb '12, 10:45

Seen: 643 times

Last updated: 01 Feb '12, 14:29

Scan directory for occurance of file and alert

Follow this question

Splunk Resources

Related questions