Alerting

How to set up an alert if the size of Catalina data in a catalina.out log file is less than zero?

vvelpuri
Explorer

I have three source types and more than X applications. For every application, I have a catalina.out log file. I want to find the size of Catalina data, and trigger an alert if the size is less than zero.

Thanks gurus.

Tags (2)
0 Karma

woodcock
Esteemed Legend

It doesn't work that way but you can use this search:

index=_internal sourcetype-splunkd INFO "File too small to check seekcrc"

Empty files appearing should generate logs like this:

10-26-2015 10:40:15.740 -0700 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='YOUR FILE HERE'.
0 Karma

woodcock
Esteemed Legend

Provide minimalized sample data and desired output with descriptions.

0 Karma

venkatdba64
New Member

I have catalina.out logfile I want to find the size of catalina.out file in splunk search and give me an alert that when ever the catalia..out file size is zero bytes

index=$$ host=$$ sourcetype=mrcs catalina

0 Karma

venkatdba64
New Member

the below are the logs on my Linux box and are coming to splunk now when the size of catalina.out file is empty for an application it has to give an alert in mail or any . I need to run a query for this in splunk search if any info req I will provide. thanks gurus

index=&& host= ** {here what should I write for query}

242 Oct 17 03:44 access.log-20151017.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 18 03:13 access.log-20151018.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 19 03:27 access.log-20151019.gz
-rw-r--r-- 1 tomcat tomcat 1948 Oct 20 03:43 access.log-20151020.gz
-rw-r--r-- 1 tomcat tomcat 8301 Oct 21 03:37 access.log-20151021.gz
-rw-r--r-- 1 tomcat tomcat 16737 Oct 22 03:26 access.log-20151022.gz
-rw-r--r-- 1 tomcat tomcat 11220 Oct 23 03:29 access.log-20151023.gz
-rw-r--r-- 1 tomcat tomcat 13417 Oct 24 03:33 access.log-20151024.gz
-rw-r--r-- 1 tomcat tomcat 8138 Oct 25 03:40 access.log-20151025.gz
-rw-r--r-- 1 tomcat tomcat 7968 Oct 26 03:31 access.log-20151026.gz
drwxr-xr-x 2 tomcat tomcat 4096 Sep 24 14:00 appdynamics
-rw-r--r-- 1 tomcat tomcat 3814707 Oct 26 18:03 catalina.out
-rw-r--r-- 1 tomcat tomcat 2818 Oct 17 03:44 catalina.out-20151017.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 18 03:13 catalina.out-20151018.gz
-rw-r--r-- 1 tomcat tomcat 61 Oct 19 03:27 catalina.out-20151019.gz
-rw-r--r-- 1 tomcat tomcat 45018 Oct 20 03:43 catalina.out-20151020.gz
-rw-r--r-- 1 tomcat tomcat 230980 Oct 21 03:37 catalina.out-20151021.gz
-rw-r--r-- 1 tomcat tomcat 481344 Oct 22 03:26 catalina.out-20151022.gz
-rw-r--r-- 1 tomcat tomcat 318730 Oct 23 03:29 catalina.out-20151023.gz
-rw-r--r-- 1 tomcat tomcat 368527 Oct 24 03:33 catalina.out-20151024.gz
-rw-r--r-- 1 tomcat tomcat 232260 Oct 25 03:40 catalina.out-20151025.gz
-rw-r--r-- 1 tomcat tomcat 275587 Oct 26 03:31 catalina.out-20151026.gz
-rw-r--r-- 1 tomcat tomcat 0 Sep 24 14:03 logback.log
-rw-r--r-- 1 tomcat tomcat 16666233 Oct 26 18:03 transactions.log

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...