Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

only monitor FILE NAME not Content

hoggjade
Engager
‎08-04-2011 03:59 AM

Good day

is it possible to only monitor FILE NAMES within a Directory and sub directories and not the Content of these files

Reason being, I need to have a Logging system that users can monitor if a File has been received, but they do not need to see the content

also it needs to read as Simply as possible

Reply

cpt12tech
Contributor
‎03-21-2016 03:30 PM

I have a similar need, I want to list all the files on a volume. These are large video files and I need a list of what is on the volume for reconciliation and searching. One way to set this up is create a Windows .bat file and schedule it to run. The script outputs to a text file. Then configure splunk to monitor the text file. Here is the .bat script:
dir e:\someFolderName*.* /b >>e:\fileNameForSplunkToMonitor.txt

fschange is being depriciated and splunk uses Windows security audit. This would be too cumbersome for my needs as I would have to search for all files added & deleted to get the current inventory.

Reply

mw
Splunk Employee
Splunk Employee
‎08-04-2011 06:52 AM

You can configure an fschange input stanza to monitor changes to the directory. That would probably be the easiest. Look for "fschange" on this page: http://www.splunk.com/base/Documentation/latest/admin/Inputsconf

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...