Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create an email alert if any log file is not updated for 2 days?

ksarode
Explorer
‎05-28-2018 06:05 AM

I have created a CSV which contains all the log files that are required. I want to create an alert if any log file is not updated for 2 days.

0 Karma
Reply

rojith
New Member
‎12-28-2018 04:11 AM

You can create a new alert using Settings > Searching, report and Alert section.
In the alert Serach, you can write a simple Search to get receive data in regard to the logs for the time frame of 2 days.
In the Alert Trigger Condition, check the Number of Results=0
And set the Trigger Action as Email and give the relevant details for the email alerts..

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎01-03-2019 08:44 AM

This won't scale at all.. What happens when you have 100TB/day deployment with millions of logs you're monitoring?

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎05-28-2018 06:08 AM

This is going to be difficult to maintain. You should checkout MetaWoot instead

https://splunkbase.splunk.com/app/2949/

0 Karma
Reply

ksarode
Explorer
‎05-28-2018 06:35 AM

yup i ll try that but if i want to do it by normal method what query i should use

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎05-28-2018 06:46 AM

Once again, your begging for problems by wanting to do it "the normal way". You will have many false alerts, have to maintain a lookup when adding new sources etc..

0 Karma
Reply

ksarode
Explorer
‎05-28-2018 06:51 AM

ok then i ll install the app and will do that

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎05-28-2018 07:00 AM

MetaWoot can monitor the tsidx files at the host level and make managing this much easier. Please upvote/accept if this answered your question

Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...