Re: How to create an email alert if any log file i...

ksarode · ‎05-28-2018

I have created a CSV which contains all the log files that are required. I want to create an alert if any log file is not updated for 2 days.

rojith · ‎12-28-2018

You can create a new alert using Settings > Searching, report and Alert section.
In the alert Serach, you can write a simple Search to get receive data in regard to the logs for the time frame of 2 days.
In the Alert Trigger Condition, check the Number of Results=0
And set the Trigger Action as Email and give the relevant details for the email alerts..

skoelpin · ‎01-03-2019

This won't scale at all.. What happens when you have 100TB/day deployment with millions of logs you're monitoring?

skoelpin · ‎05-28-2018

This is going to be difficult to maintain. You should checkout MetaWoot instead

https://splunkbase.splunk.com/app/2949/

ksarode · ‎05-28-2018

yup i ll try that but if i want to do it by normal method what query i should use

skoelpin · ‎05-28-2018

Once again, your begging for problems by wanting to do it "the normal way". You will have many false alerts, have to maintain a lookup when adding new sources etc..

ksarode · ‎05-28-2018

ok then i ll install the app and will do that

skoelpin · ‎05-28-2018

MetaWoot can monitor the tsidx files at the host level and make managing this much easier. Please upvote/accept if this answered your question

How to create an email alert if any log file is not updated for 2 days?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...