I am trying to find a solution for the following problem using Splunk.
What needs to happen:
Is there a way to do this? I've tried using source="C:\foo\bar\log\log\*" earliest=-2M@M as noted here in this question link, but with no luck. Is this easily possible?
Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.
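Added example (not part of the answer above) of what an fschange input for the directory in the question could look like in inputs.conf; the directory path, index name, poll period and filter name are assumptions:

```ini
# inputs.conf (added example; path, index, pollPeriod and filter name are assumptions)
# Watch the log directory itself so Splunk raises an event when a new file appears,
# which replaces the cron job that was polling the directory.
[fschange:C:\foo\bar\log\log]
index = main
recurse = true
followLinks = false
pollPeriod = 60
fullEvent = false
filters = onlyLogs

# Only generate events for files ending in .log; everything else in the
# directory (temp files, rotated archives) is ignored.
[filter:whitelist:onlyLogs]
regex1 = \.log$
```

The resulting events carry sourcetype fs_notification and an action field (add, update, delete), so the alert can be driven by a search on action=add for that path rather than by earliest=-2M@M on the file contents.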
I was trying to call a Python or Perl script from the alert to create tickets/alerts in a few other systems. I will look into fschange as noted below. Thank you.
Does that cron job write to a log that Splunk can read?