Re: Create Alert if condition is met?

Chinni611 · ‎10-26-2022

Hi ,

I have a scenario where the files needs to be transferred for both inbound and outbound at 2 am daily.

I need to create an alert when files are present in inbound by 2 am but missing in outbound by 2 am .

Here is my query below. please help

index=cas source="/bin/var/logs/log" File 1OR File 2 OR File 3 OR File 4 Inbound

for outbound condition is to change to outbound and File 1 represents the file that is getting transferred

gcusello · ‎10-26-2022

Hi @Chinni611,

could you better describe how to recognize inbound from outbound?

in oher words; is there a string in one event? or there's a file with a different name?

Ciao.

Giuseppe

Chinni611 · ‎10-27-2022

differentiation is just by IP address for inbound (x.x.x) or not api - outbound is api.com address .File is same ( file is getting transported to both the places first inbound and later outbound) we need to track if file is present in inbound but missing in outbound at 2:01 am daily

johnhuang · ‎10-26-2022

Could you provide some sample data?

Create Alert if condition is met?

eval

stats

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?