Splunk Dev

Monitor a log file

jip31
Motivator

Hi

I want to monitor a log file in "C:\Windows\Logs\CBS.log" in an SPL command
Is it possible with wineventlog or with anotherway please?
regards

Tags (1)
0 Karma

jip31
Motivator

hi
no not to ingest directly
i have to check the size file of CBS.log" in an SPL command on many machines
if i see that this file is > to 1 GO i have to receive an email
what do you thing about this code?
source="C:\Windows\Logs\CBS.log" | eval esize=len(_raw) | stats sum(esize) by sourcetype
or do i need File/Directory Information Input Add-on?
Thanks

0 Karma

ravidudala
Explorer

Hi,

If I understand your question - you want to ingest the file CBS.log .

If that is the case you can follow the instructions available in below Doc.
https://docs.splunk.com/Documentation/Splunk/7.0.2/Data/MonitorfilesanddirectorieswithSplunkWeb

If not can you elaborate your question?

Thanks | RD

Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...