Can Splunk send a file as attachment without readi...

vchennuri · ‎09-03-2019

Can Splunk send a file as attachment without reading the content or data in the file

vchennuri · ‎09-03-2019

A file is generated every day having data of 10 to 20 lines in a location with the difference in file name. Can splunk read the data in generated file and send the file as an email alert whenever that new file is generated ?

solarboyz1 · ‎09-03-2019

Sort of...

You would monitor the location the files are produced:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/Monitorfilesanddirectorieswithinputs.conf

You would create a search looking for new events from the input you just created.

Assuming your inputs, timestamps, and timezones are set correctly, any new events would indicate a new file.

In which case, you would schedule a search every X minutes, configure the email to generate a single email, and attach the search results.

solarboyz1 · ‎09-03-2019

I dont know of any way for Splunk to attach a non-search produced file to an email using the standard "Send Email" alert action.

This can be accomplished by creating an alert action, which could send an email and attach a document:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Alert/Configuringscriptedalerts

richgalloway · ‎09-03-2019

Send it where? What is your use case?

---
If this reply helps you, Karma would be appreciated.

Can Splunk send a file as attachment without reading the content or data in the file ?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)