Getting Data In

Find files that are not being accessed

christopher_hod
Path Finder

The scenario:
I have a scripted input that gives me a list of files in a directory. On a regular basis I want to run a search that will see how many times each of those has been served by the webserver. I also want to include in the report any files that have not been hit in the report.

Assume the subsearch for the list of files is just:

[search sourcetype=dirlist | fields filename ]

And that it's searching against normal apache access logs.

Tags (2)
1 Solution

dwaddle
SplunkTrust
SplunkTrust

Maybe something like:

sourcetype=access_combined [ search sourcetype=dirlist | fields filename ]
| stats count as hitcount by filename
| append [ search sourcetype=dirlist | fields filename | eval hitcount=0 ]
| stats max(hitcount) by filename

View solution in original post

dwaddle
SplunkTrust
SplunkTrust

Maybe something like:

sourcetype=access_combined [ search sourcetype=dirlist | fields filename ]
| stats count as hitcount by filename
| append [ search sourcetype=dirlist | fields filename | eval hitcount=0 ]
| stats max(hitcount) by filename
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...