Help with monitoring stanza

vrmandadi · ‎03-19-2019

Below are the files to monitor

/Backup/HealthCheck/Reports/Auto_HC_Mar_19_19_08_26_25.log
/Backup/HealthCheck/Reports/CBA_HC_Mar_19_19_08_27_03.log

Below is the stanza I am using

[monitor:///Backup/HealthCheck/Reports/*.log]

Is this the correct monitor stanza or am I doing something wrong?

woodcock · ‎03-19-2019

The stanza is correct but did you assign a sourcetype=foo and index=bar under it so that you know where to look for the data?

richgalloway · ‎03-19-2019

If that stanza results in those files being monitored, then the stanza is correct. If the files are not monitored, then something is amiss and you should share the entire stanza.

---
If this reply helps you, Karma would be appreciated.

vrmandadi · ‎03-19-2019

[monitor:///Backup/HealthCheck/Reports/*.log]
index = main
sourcetype = db_health

The above stanza is from the deployment server and below is the event from the internal logs for that host

03-19-2019 14:01:47.251 -0400 INFO WatchedFile - Will begin reading at offset=522894 for file='/var/log/cbsensor/cbdaemon.ORCLPRODSS1-AZ3.invalid-user.log.INFO.20190318-103119.10963

ddrillic · ‎03-19-2019

Oh, you should look for something like -

-- 03-16-2019 23:00:00.089 -0500 INFO WatchedFile - Will begin reading at offset=0 for file='/Backup/HealthCheck/Reports/CBA_HC_Mar_19_19_08_27_03.log'.

Your monitor stanza looks just fine.

Help with monitoring stanza

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms