Solved: Re: How to monitor change in scripted input?

ben_leung · ‎02-09-2015

How do you make sure to send logs from a scripted input only when the output is changed?

Lets say the script is doing an "ls" on the file system and runs every minute. I do not want an index to get filled with the same events just with a different time stamp.

How do you make sure that Splunk only forwards data whenever the scripts output is different than the previous output?

skawasaki_splun · ‎02-09-2015

If you already wrote a script then at the end of the script take the result of "ls" and write to a file. In the beginning of the script, check that file and only output to STDOUT if there is a difference.

In other words, Splunk can't do this "difference" functionality. Your script will have to do this.

View solution in original post

skawasaki_splun · ‎02-09-2015

If you already wrote a script then at the end of the script take the result of "ls" and write to a file. In the beginning of the script, check that file and only output to STDOUT if there is a difference.

In other words, Splunk can't do this "difference" functionality. Your script will have to do this.

How to monitor change in scripted input?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!