How to generate the alerts on specific condition

sachindarade · ‎03-02-2020

Hi All,

I am new to Splunk.. Here is my requirement.. I have pass log directory to forwarder. Now i want to read the logs and generate the alerts when log file contains "file(s) count is 2" or greater than 1. (condition is : File(s) count is greater than 1)

your help would be really appreciated.

Thanks in Advance.

sumanssah · ‎03-02-2020

maybe you can try

| tstats count where index=<your_index_name> by source | where the count > 1

woodcock · ‎03-02-2020

Show the content of the log.

sachindarade · ‎03-02-2020

02/26/2020 09:02 AM .
02/26/2020 09:02 AM ..
02/17/2020 02:43 PM Archive
02/17/2020 06:47 PM 71 queuelog.bat
1 File(s) 71 bytes
3 Dir(s) 413,241,344 bytes free

Here is the log...

you can see that "1 File(s)"... so i have to parse the log content and look for the file count.. if files count is grater than 1 then i wanted to generate the alerts.

How to generate the alerts on specific condition

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

How to generate the alerts on specific condition

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk