How do I configure an alert for missing files from...

kpavan · ‎12-03-2018

Hi all,

I need help creating an alert for the difference of 2 directories. Let's say: sender directory has files 4 but receiver directory has 2. Now, I need to configure an alert for 2 missing files with names/details from receiver directory.

Getting the below outputs from each directory on a scheduled basis (1hr), I need to compare 2 directories and get the output for the missing file names and trigger an alert.

Sender Directory
[root] ➤ ls -l
total 0
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file1.txt
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file2.txt
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file3.txt
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file4.txt

Receiver Directory
[root] ➤ ls -l
total 0
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file1.txt
-rwx------ 1 Users UsersGrp 0 Dec 3 13:16 file2.txt

Please help me with queries to configure alert.

Thanks in advance!

tom_frotscher · ‎12-03-2018

Hi,

as a simple first approach it could be enough to:

set your time range to the last hour an
extract the filename with help of regex if not already done
do a | stats count by filename

The result should always be 2 if every file is present in both directories. If it is not 2, you could trigger your alert.

Greetings

Tom

How do I configure an alert for missing files from different directories?

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest