Solved: how to monitor a file for content and send email i...

CommunityUser · ‎12-14-2017

Hi,

As an AppD beginner, loads of time, I get stuck with the easiest problems.. 😞 right now I am trying to create a search that extracts content from a file.

SELECT * FROM logs WHERE source = "%*SAP*%" and messages like "%,cn%" but do not get a search result. *sap* is part of the filename. ,cn is part of the content... any good ideas out there ??

thanks.

helmut.

Mohammed_Rayan · ‎12-16-2017

Helmut,

can you let us know what's the error you are facing while running that query. Maybe, you can share a screenshot if possible.

Also, I would suggest you to try something like below and let me know if it works and also try once without any wildcard charcters and share its result.

SELECT * FROM logs WHERE source = "%*SAP*%" and message ="%,cn%"

Regards,

Mohammed Rayan

View solution in original post

Mohammed_Rayan · ‎12-16-2017

Helmut,

can you let us know what's the error you are facing while running that query. Maybe, you can share a screenshot if possible.

Also, I would suggest you to try something like below and let me know if it works and also try once without any wildcard charcters and share its result.

SELECT * FROM logs WHERE source = "%*SAP*%" and message ="%,cn%"

Regards,

Mohammed Rayan

how to monitor a file for content and send email if content available...

Real User Monitoring

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies