Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to configure Splunk to monitor and index a file that is generated by a script daily, even if there is no change?

DavidHourani
Super Champion
‎06-17-2016 05:42 AM

Hello,

I would like to monitor a file that is generated by a script. The script is run daily and the results can be the same for many days in a row. Splunk doesn't seem to take consecutive results if they are the same.

Is there any way I can force Splunk to index data daily each time a new file is generated. The only thing changing from one file to the other is the "modified date" while the rest is the same (file name,content, etc..). I don't mind having the same data many times on different dates.

Thank you.
Regards,
David

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

View solution in original post

Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎06-17-2016 07:03 AM

As per inputs.conf

alt text

-- Must be in the range 256-1048576.

So, you need to ensure that something is different in the first 256 bytes (unless you change the default). Adding the date or a random number.

Preview file
35 KB
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:36 AM

my entire file is the same daily 😄 any solution with something like CRCsalt= ?

0 Karma
Reply
Solved! Jump to solution
Solution

jmallorquin
Builder
‎06-17-2016 05:56 AM

Hi,

One trick that you can do is make a script to print the ouput of the file and index the output, with current time

Hope i help you

Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎06-17-2016 09:35 AM

smart plan 😄 i was looking for something more like CRCsalt= ..don't know if that exists..

0 Karma
Reply
Solved! Jump to solution

jmallorquin
Builder
‎06-20-2016 12:34 AM

No for this time sorry.

0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎08-03-2016 02:59 AM

Thank you jmallorquin

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...