Alerting

Scan directory for occurance of file and alert

phil998
Engager

I am trying to find a solution for the following problem using splunk.

What needs to happen:

  1. A cron job runs every few minutes to fire of a search/scan for a core dump(The file will only be present if a fatal error has occured).
  2. If the file is found an alert will be issed to needed people and applications(Using an alert)

Is there a way to do this? I've tried using source="C:\foo\bar\log\log\*" earliest=-2M@M as noted here in this question link, but with no luck. Is this easily possible?

1 Solution

dwaddle
SplunkTrust
SplunkTrust

Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.

View solution in original post

dwaddle
SplunkTrust
SplunkTrust

Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.

phil998
Engager

I was trying to call a python or perl script from the alert to create tickets/alerts in a few other systems. I will look into fschange as noted below. Thank you.

Brian_Osburn
Builder

Does that cron job write to a log that Splunk can read?

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...