Alerting

How to set up an alert if the size of Catalina data in a catalina.out log file is less than zero?

vvelpuri
Explorer

I have three source types and more than X applications. For every application, I have a catalina.out log file. I want to find the size of Catalina data, and trigger an alert if the size is less than zero.

Thanks gurus.

0 Karma

woodcock
Esteemed Legend

It doesn't work that way but you can use this search:

index=_internal sourcetype=splunkd INFO "File too small to check seekcrc"

Empty files appearing should generate logs like this:

10-26-2015 10:40:15.740 -0700 INFO  WatchedFile - File too small to check seekcrc, probably truncated.  Will re-read entire file='YOUR FILE HERE'.
0 Karma
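An added example, not part of the original answers: the same detection run offline over splunkd.log lines, narrowed to files named catalina.out and grouped per path. The line pattern follows the sample message in the answer above; the function name, the sample paths and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime
from pathlib import PurePosixPath

# Pattern follows the splunkd.log sample quoted in the answer above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+INFO\s+"
    r"WatchedFile - File too small to check seekcrc, probably truncated\.\s+"
    r"Will re-read entire file='(?P<file>[^']*)'"
)

# Constructed sample lines (paths and timestamps are made up for this example).
MSG = ("INFO  WatchedFile - File too small to check seekcrc, probably truncated."
       "  Will re-read entire file='{}'.")
SAMPLE_LINES = [
    "10-26-2015 10:40:15.740 -0700 " + MSG.format("/opt/app1/logs/catalina.out"),
    "10-26-2015 10:45:02.113 -0700 " + MSG.format("/opt/app1/logs/catalina.out"),
    # Rotated archive: same message, but not the live catalina.out file.
    "10-26-2015 10:46:00.500 -0700 " + MSG.format("/opt/app2/logs/catalina.out-20151026.gz"),
    # Unrelated INFO line that must not match.
    "10-26-2015 10:47:30.001 -0700 INFO  Constructed - unrelated message",
    "10-26-2015 11:02:44.907 -0700 " + MSG.format("/opt/app3/logs/catalina.out"),
]


def truncated_files(lines, basename="catalina.out"):
    """Return {path: (event_count, last_seen)} for files named `basename`."""
    hits = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # not a "File too small to check seekcrc" event
        path = match.group("file")
        # Compare the exact file name so rotated copies are ignored.
        if PurePosixPath(path).name != basename:
            continue
        seen = datetime.strptime(match.group("ts"), "%m-%d-%Y %H:%M:%S.%f %z")
        count, last = hits.get(path, (0, seen))
        hits[path] = (count + 1, max(last, seen))
    return hits


if __name__ == "__main__":
    for path, (count, last) in sorted(truncated_files(SAMPLE_LINES).items()):
        print(f"ALERT file={path} events={count} last_seen={last.isoformat()}")
```
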

woodcock
Esteemed Legend

Provide minimalized sample data and desired output with descriptions.

0 Karma

venkatdba64
New Member

I have a catalina.out log file. I want to find the size of the catalina.out file in a Splunk search and get an alert whenever the catalina.out file size is zero bytes.

index=$$ host=$$ sourcetype=mrcs catalina

0 Karma

venkatdba64
New Member

Below are the logs on my Linux box, and they are coming into Splunk now. When the catalina.out file is empty for an application, it has to give an alert in mail or any. I need to run a query for this in Splunk search. If any info is required, I will provide it. Thanks, gurus.

index=&& host= ** {here what should I write for query}

242 Oct 17 03:44 access.log-20151017.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 18 03:13 access.log-20151018.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 19 03:27 access.log-20151019.gz
-rw-r--r-- 1 tomcat tomcat 1948 Oct 20 03:43 access.log-20151020.gz
-rw-r--r-- 1 tomcat tomcat 8301 Oct 21 03:37 access.log-20151021.gz
-rw-r--r-- 1 tomcat tomcat 16737 Oct 22 03:26 access.log-20151022.gz
-rw-r--r-- 1 tomcat tomcat 11220 Oct 23 03:29 access.log-20151023.gz
-rw-r--r-- 1 tomcat tomcat 13417 Oct 24 03:33 access.log-20151024.gz
-rw-r--r-- 1 tomcat tomcat 8138 Oct 25 03:40 access.log-20151025.gz
-rw-r--r-- 1 tomcat tomcat 7968 Oct 26 03:31 access.log-20151026.gz
drwxr-xr-x 2 tomcat tomcat 4096 Sep 24 14:00 appdynamics
-rw-r--r-- 1 tomcat tomcat 3814707 Oct 26 18:03 catalina.out
-rw-r--r-- 1 tomcat tomcat 2818 Oct 17 03:44 catalina.out-20151017.gz
-rw-r--r-- 1 tomcat tomcat 20 Oct 18 03:13 catalina.out-20151018.gz
-rw-r--r-- 1 tomcat tomcat 61 Oct 19 03:27 catalina.out-20151019.gz
-rw-r--r-- 1 tomcat tomcat 45018 Oct 20 03:43 catalina.out-20151020.gz
-rw-r--r-- 1 tomcat tomcat 230980 Oct 21 03:37 catalina.out-20151021.gz
-rw-r--r-- 1 tomcat tomcat 481344 Oct 22 03:26 catalina.out-20151022.gz
-rw-r--r-- 1 tomcat tomcat 318730 Oct 23 03:29 catalina.out-20151023.gz
-rw-r--r-- 1 tomcat tomcat 368527 Oct 24 03:33 catalina.out-20151024.gz
-rw-r--r-- 1 tomcat tomcat 232260 Oct 25 03:40 catalina.out-20151025.gz
-rw-r--r-- 1 tomcat tomcat 275587 Oct 26 03:31 catalina.out-20151026.gz
-rw-r--r-- 1 tomcat tomcat 0 Sep 24 14:03 logback.log
-rw-r--r-- 1 tomcat tomcat 16666233 Oct 26 18:03 transactions.log

0 Karma