I've been browsing around and was wondering: is there a way to track a specific log file's size (source)? The main reason is that I want to have an alert so that, if that file gets too big, Splunk kicks off a script to archive it. I really haven't been able to find a way to do this and was just wondering if anyone else has run into this issue. Thanks everyone for your help.
Hi @flyers777,
you could run a script that extracts the size of files using a simple dir command (in Windows) or an ls -la command (in Linux), sending the output to Splunk; then you can run a search that compares the values, alerting if it reaches a threshold.
You can find information at https://docs.splunk.com/Documentation/Splunk/8.0.1/AdvancedDev/ScriptSetup but in a few words:
Ciao.
Giuseppe
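
A sketch of the kind of script the answer above describes, added here as an example and not part of the original reply: it writes one key=value event per watched file to stdout, which is what a scripted input indexes. The WATCH_FILES variable, the default paths and the field names (file, size_bytes, status) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: scripted-input style reporter for log file sizes.
# Each line written to stdout is one event; a search can then compare
# size_bytes with a threshold and trigger the alert.

# Hypothetical default list of files to watch; override with WATCH_FILES.
WATCH_FILES="${WATCH_FILES:-/var/log/syslog /var/log/auth.log}"

# Print the size of a regular file in bytes; non-zero status if unreadable.
file_size_bytes() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # wc -c is POSIX; stat flags differ between GNU and BSD systems.
    size=$(wc -c < "$1") || return 1
    # Strip the padding some wc implementations add.
    echo "$size" | tr -d ' '
}

# Emit one event for a file: UTC timestamp, path, size and a status field.
emit_size_event() {
    ts=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
    if size=$(file_size_bytes "$1"); then
        printf '%s file="%s" size_bytes=%s status=ok\n' "$ts" "$1" "$size"
    else
        # Report missing files too, so a deleted or rotated log is visible
        # instead of silently dropping out of the results.
        printf '%s file="%s" status=missing\n' "$ts" "$1"
    fi
}

# Emit an event for every watched file (paths must not contain spaces).
report_all() {
    for f in $WATCH_FILES; do
        emit_size_event "$f"
    done
}

report_all
```

Run on an interval, this gives one size sample per file per run; the alerting search then only has to filter on status=ok events whose size_bytes exceeds the chosen threshold.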