Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you track the size of a log file?

flyers777
Explorer
‎01-20-2020 06:17 AM

I've been browsing around and was wondering is there a way to track a specific log file size (source)? The main reason I want to have an alert that if that files gets too big to have Splunk kick of a script to archive it. I really haven't been able to find a way to do this and was just wondering if anyone else has ran into this issue? Thanks everyone for your help.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-20-2020 07:51 AM

Hi @flyers777,
you could run a script that extract the size of files using a simple dir command (in Windows) or an ls -la command (in Linux) sending the output to Splunk, then you can run a search that compares values alerting it it reach a threeshold.

You can find infos at https://docs.splunk.com/Documentation/Splunk/8.0.1/AdvancedDev/ScriptSetup but in few words:

  • you have to create a script in $SPLUNK_HOME/etc/apps/your_app/bin e.g. called ls.sh (in Linux),
  • give to the script the correct execution rights,
  • create a stanza in inputs.conf to schedule script.

Ciao.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...