Solved: Re: How to configure Splunk to monitor and index a...

DavidHourani · ‎06-17-2016

Hello,

I would like to monitor a file that is generated by a script. The script is run daily and the results can be the same for many days in a row. Splunk doesn't seem to take consecutive results if they are the same.

Is there any way I can force Splunk to index data daily each time a new file is generated. The only thing changing from one file to the other is the "modified date" while the rest is the same (file name,content, etc..). I don't mind having the same data many times on different dates.

Thank you.
Regards,
David

jmallorquin · ‎06-17-2016

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

View solution in original post

ddrillic · ‎06-17-2016

As per inputs.conf

-- Must be in the range 256-1048576.

So, you need to ensure that something is different in the first 256 bytes (unless you change the default). Adding the date or a random number.

DavidHourani · ‎06-17-2016

my entire file is the same daily 😄 any solution with something like CRCsalt= ?

jmallorquin · ‎06-17-2016

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

DavidHourani · ‎06-17-2016

smart plan 😄 i was looking for something more like CRCsalt= ..don't know if that exists..

jmallorquin · ‎06-20-2016

No for this time sorry.

DavidHourani · ‎08-03-2016

Thank you jmallorquin

How to configure Splunk to monitor and index a file that is generated by a script daily, even if there is no change?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!