Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure Splunk to monitor and index a file that is generated by a script daily, even if there is no change?

DavidHourani
Super Champion
‎06-17-2016 05:42 AM

Hello,

I would like to monitor a file that is generated by a script. The script is run daily and the results can be the same for many days in a row. Splunk doesn't seem to take consecutive results if they are the same.

Is there any way I can force Splunk to index data daily each time a new file is generated. The only thing changing from one file to the other is the "modified date" while the rest is the same (file name,content, etc..). I don't mind having the same data many times on different dates.

Thank you.
Regards,
David

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

View solution in original post

Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎06-17-2016 07:03 AM

As per inputs.conf

alt text

-- Must be in the range 256-1048576.

So, you need to ensure that something is different in the first 256 bytes (unless you change the default). Adding the date or a random number.

Preview file
35 KB
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:36 AM

my entire file is the same daily 😄 any solution with something like CRCsalt= ?

0 Karma
Reply
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:35 AM

smart plan 😄 i was looking for something more like CRCsalt= ..don't know if that exists..

0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎06-20-2016 12:34 AM

No for this time sorry.

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎08-03-2016 02:59 AM

Thank you jmallorquin

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...

Unlock Instant Security Insights from Amazon S3 with Splunk Cloud — Try Federated ...

Availability: Must be on Splunk Cloud Platform version 10.1.2507.x to view the free trial banner. If you are ...