topic Re: monitor empty folder, alert when there is file in Alerting

monitor empty folder, alert when there is file

newbiesplunk — Tue, 03 Jun 2014 13:17:12 GMT

Hi,
I wish to create an monitor folder alert such that it will trigger the alert when there is at least one file in the folder. I do not want to index any file that found in this folder. thks

Re: monitor empty folder, alert when there is file

MuS — Tue, 03 Jun 2014 13:55:21 GMT

Hi newbiesplunk,

I don't think that's possible in Splunk. If you setup a directory monitor Splunk will index all files in that directory except those which are excluded by blacklisted ... but then again you will not be able to search for them in Splunk and therefore you will not be able to setup an alert.

My suggestion: write a shell script which will be fired by cron and sends an email if there is something in this directory.

cheers, MuS

Re: monitor empty folder, alert when there is file

newbiesplunk — Tue, 03 Jun 2014 14:01:25 GMT

thks, i dont really know how to write shell script but i believe splunk is powerful app that can do this simple job thru some search or config, it just that i dont know how. Any other suggestion? thks

Re: monitor empty folder, alert when there is file

MuS — Tue, 03 Jun 2014 14:32:34 GMT

One of the Main functionalty of splunk relies on indexing human readable Data. I don't know of any Way of Not indexing something and do the usual splunk Magic on this nothing....