I am running the following saved search every 10 minutes which will send an email if *xception is found in the filenetlistener.log file. The email contains the alert along with a csv file which outlines the number of severities.
host=itp-srv-03 index=app sourcetype=filenetlistener source="D:\EAI\axis-jms\logs\listener.log" | search *xception | stats count | rangemap field=count low=0-0 default=severe
Do you know is it possible for Splunk to include in the email the listener log file or an extract of the listener log showing the exception?
Thanks in advance.
asked 29 May '12, 07:51
I would suggest this search instead
In your alert, set the condition to "if number of events is greater than 0" and select the option to include the results in the email. Splunk will include all the matching events as part of the alert.
BTW, Splunk search is case-insensitive, so if you are searching for "Exception" or "exception" you can simply write it as
and Splunk will find it regardless of capitalization.
answered 29 May '12, 11:25