All Apps and Add-ons

Monitoring Files without Recursively iterating sub-directories

icyfeverr
Path Finder

I am using the app File Meta-data, and it is supposed to Monitor Files within a directory and/or sub-directories. The only time I can have it report on individual files, is if I check the option to "Recursively iterate sub-directories". Is there a way to have it monitor individual files within a directory without this option checked? Again, if I check this option, I do get file level details, but for all sub directories, but if it is not checked, I only get meta data on the directory itself with no file level details.

Example without option checked, the only output received is:
time="Thu Aug 31 23:29:00 2017" is_directory=1 file_count=1 directory_count=2 path=G:\Users\tmpuser\documents\test atime="Thu Aug 31 23:11:23 2017" atime_epoch=1504239083.99 ctime="Thu Aug 31 22:45:54 2017" ctime_epoch=1504237554.1 dev=0 gid=0 ino=0 mode=16895 mtime="Thu Aug 31 23:11:23 2017" mtime_epoch=1504239083.99 nlink=0 size=0 uid=0 file_count_recursive=3 directory_count_recursive=4

Example with it checked, but I get all files with in the directory and all sub-directories:
time="Thu Aug 31 23:31:51 2017" is_directory=0 path=G:\Users\tmpuser\documents\test\file.txt atime="Thu Aug 31 23:11:17 2017" atime_epoch=1504239077.35 ctime="Thu Aug 31 23:11:17 2017" ctime_epoch=1504239077.35 dev=0 gid=0 ino=0 mode=33206 mtime="Thu Aug 31 23:11:17 2017" mtime_epoch=1504239077.35 nlink=0 size=0 uid=0

time="Thu Aug 31 23:31:51 2017" is_directory=0 path=G:\Users\tmpuser\documents\test\folder1\folder1.txt atime="Thu Aug 31 23:11:33 2017" atime_epoch=1504239093.87 ctime="Thu Aug 31 23:11:33 2017" ctime_epoch=1504239093.87 dev=0 gid=0 ino=0 mode=33206 mtime="Thu Aug 31 23:11:33 2017" mtime_epoch=1504239093.87 nlink=0 size=0 uid=0

0 Karma
1 Solution

LukeMurphey
Champion

That is a fair point. I think I might implement a depth limit. That way, the user can distinguish between monitoring just the directory itself versus the directory and the files.

I'm tracking this in https://lukemurphey.net/issues/2041. This is planned for the next release (1.2).

View solution in original post

LukeMurphey
Champion

That is a fair point. I think I might implement a depth limit. That way, the user can distinguish between monitoring just the directory itself versus the directory and the files.

I'm tracking this in https://lukemurphey.net/issues/2041. This is planned for the next release (1.2).

icyfeverr
Path Finder

Thanks for taking my question into consideration, it is much appreciated. Do you know when you expect to have 1.2 released by chance?

0 Karma

LukeMurphey
Champion

@icyfeverr: I just pushed out version 1.2.

0 Karma

icyfeverr
Path Finder

@LukeMurphey Works perfectly. Thank you for getting this deployed, it is much appreciated.

0 Karma
Get Updates on the Splunk Community!

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...

Want to Reduce Costs, Mitigate Risk, Improve Performance, or Increase Efficiencies? ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...