Alerting

Scan directory for occurance of file and alert

phil998
Engager

I am trying to find a solution for the following problem using splunk.

What needs to happen:

  1. A cron job runs every few minutes to fire of a search/scan for a core dump(The file will only be present if a fatal error has occured).
  2. If the file is found an alert will be issed to needed people and applications(Using an alert)

Is there a way to do this? I've tried using source="C:\foo\bar\log\log\*" earliest=-2M@M as noted here in this question link, but with no luck. Is this easily possible?

1 Solution

dwaddle
SplunkTrust
SplunkTrust

Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.

View solution in original post

dwaddle
SplunkTrust
SplunkTrust

Use Splunk's fschange capability. It will scan for the creation of a new file, and log an event when it happens. Then, your cron job is no longer needed. We do this today for javacores in J2EE apps.

phil998
Engager

I was trying to call a python or perl script from the alert to create tickets/alerts in a few other systems. I will look into fschange as noted below. Thank you.

Brian_Osburn
Builder

Does that cron job write to a log that Splunk can read?

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...