We have a server performing IN and OUT operations on a file. When a file gets generated in the folder, it doesn't stay for a long time (not even a few seconds), which is normal behaviour. Now, we want Splunk to monitor if a file stays there for a longer time, say 10 min, and alert us.
I tried reading Splunk Answers, but I couldn't get to any solutions.
Can someone throw some light on how to achieve this?
I did read about this, but I'm not sure if it suits my requirement here or not. fschange will monitor for any modifications, but my file doesn't have any modifications once it gets created. Not sure why I can use this in my case.