https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103156#M21665 <P>oh. well you didn't say that. Does the file monitor not read in the file when it alerts you? I dont think you can do diff change monitoring from splunk. youd need a diff application to push the new copy to and the old copy then have splunk alert on what the diff application said changed. That would tell you but is a bunch of work. If the device is a network appliance, just use puppet or Cacti.</P> Mon, 22 Apr 2013 19:04:01 GMT rnolette 2013-04-22T19:04:01Z https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103153#M21662 <P>Is it possible for a file monitored with fsmonitor to send an alert on any difference of the file? or would monitoring the file be able to provide that visibility.</P> Mon, 22 Apr 2013 15:24:52 GMT https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103153#M21662 diegosainz 2013-04-22T15:24:52Z https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103154#M21663 <P>if fsmonitor has a log file that generates events on file status changes then you can write a custom file monitor that will send the events to the splunk server. You then can create a realtime query Alert that will email you every time this event is triggered. I did this for checking when someone changes something on one of my servers that has a custom application on it.</P> Mon, 22 Apr 2013 16:50:05 GMT https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103154#M21663 rnolette 2013-04-22T16:50:05Z https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103155#M21664 <P>We have done that, we would like to know what has changed in the file.</P> Mon, 22 Apr 2013 18:56:56 GMT https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103155#M21664 diegosainz 2013-04-22T18:56:56Z https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103156#M21665 <P>oh. well you didn't say that. Does the file monitor not read in the file when it alerts you? I dont think you can do diff change monitoring from splunk. youd need a diff application to push the new copy to and the old copy then have splunk alert on what the diff application said changed. That would tell you but is a bunch of work. If the device is a network appliance, just use puppet or Cacti.</P> Mon, 22 Apr 2013 19:04:01 GMT https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103156#M21665 rnolette 2013-04-22T19:04:01Z https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103157#M21666 <P>Thank you. I will do that.</P> Tue, 23 Apr 2013 14:34:59 GMT https://community.splunk.com/t5/Getting-Data-In/fsmonitor-question/m-p/103157#M21666 diegosainz 2013-04-23T14:34:59Z