Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I need real time monitoring in a folder to ensure that there is no file older than 15 minutes.

suhanrs
New Member
‎06-07-2018 09:05 PM

Currently, I have a setup ftp to drop a file in a folder which will be later moved out from the current folder to be processed.
The threshold is 1 and there shall not be any file present in the folder older than 15 mins.
How can I monitor the folder to ensure the file does not stay in the folder for more than 15 mins and it should alert if it stays longer than 15 mins.

fyi: running on Windows platform

Tags (1)
0 Karma
Reply

HiroshiSatoh
Champion
‎06-07-2018 09:58 PM

I think that it can be realized by shortening the monitoring interval with fschange.
For fschange read the notes in the document.

http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/Monitorchangestoyourfilesystem

0 Karma
Reply

suhanrs
New Member
‎06-07-2018 10:54 PM

How to check on the file if it is there for more than 15 min?
Should it be done by a script?

0 Karma
Reply

HiroshiSatoh
Champion
‎06-08-2018 06:40 AM

Rather than getting the log, you can set the file's presence check and the monitoring interval. So I think that fschange is good.

I think that you can realize the time until deletion by alert for 15 minutes.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...