Refine your search:

monitoring file

2

Hi,

I was just wondering if Splunk can be sceheduled to monitor a file regularly, and send out alerts if this file does not get updated for a specific time period , lets say for 5 minutes. Please help me in doing so, if possible.

Thanks, Nitin.

asked 05 Nov '10, 19:33

nvashish123's gravatar image

nvashish123
211
accept rate: 0%

One Answer:
oldestnewestmost voted
4

Yes, sort-of. I am assuming this file is a logfile, and there are timestamped events in it. If Splunk is indexing this log file you could schedule a saved search with a conditional alert in Splunk that does something like:

source=/path/to/my/log/file host=host.my.logfile.is.on earliest=-5m@m

And only fires the alert if the results returned are <= 0.

http://www.splunk.com/base/Documentation/latest/Admin/Setupalertsinsavedsearches.conf

link

answered 05 Nov '10, 19:54

dwaddle's gravatar image

dwaddle ♦
15.2k2923
accept rate: 33%

I do that now for several of my log files...

(05 Nov '10, 19:56) Brian Osburn
Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×137

Asked: 05 Nov '10, 19:33

Seen: 677 times

Last updated: 05 Nov '10, 19:54

Related questions

Remote File Monitoring

Monitoring Cumulative Dumps

Monitoring via forwader problem

State File Monitoring

File Integrity Monitoring PCIDSS

File monitoring issues

Monitoring changes to configuration files

Can i tell splunk not to index the first X lines of a file?

Does splunk list monitor accurately reflect files being monitored

Copyright © 2005-2012 Splunk Inc. All rights reserved.