Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure Splunk to monitor and index a file that is generated by a script daily, even if there is no change?

DavidHourani
Super Champion
‎06-17-2016 05:42 AM

Hello,

I would like to monitor a file that is generated by a script. The script is run daily and the results can be the same for many days in a row. Splunk doesn't seem to take consecutive results if they are the same.

Is there any way I can force Splunk to index data daily each time a new file is generated. The only thing changing from one file to the other is the "modified date" while the rest is the same (file name,content, etc..). I don't mind having the same data many times on different dates.

Thank you.
Regards,
David

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

View solution in original post

Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎06-17-2016 07:03 AM

As per inputs.conf

alt text

-- Must be in the range 256-1048576.

So, you need to ensure that something is different in the first 256 bytes (unless you change the default). Adding the date or a random number.

Preview file
35 KB
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:36 AM

my entire file is the same daily 😄 any solution with something like CRCsalt= ?

0 Karma
Reply
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:35 AM

smart plan 😄 i was looking for something more like CRCsalt= ..don't know if that exists..

0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎06-20-2016 12:34 AM

No for this time sorry.

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎08-03-2016 02:59 AM

Thank you jmallorquin

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...