Splunk Search

How to generate the alerts on specific condition

sachindarade
New Member

Hi All,

I am new to Splunk. Here is my requirement. I have passed a log directory to the forwarder. Now I want to read the logs and generate alerts when a log file contains "file(s) count is 2" or greater than 1. (Condition: File(s) count is greater than 1.)

Your help would be really appreciated.

Thanks in Advance.


sumanssah
Communicator

Maybe you can try:

| tstats count where index=<your_index_name> by source | where count > 1

woodcock
Esteemed Legend

Show the content of the log.


sachindarade
New Member

02/26/2020 09:02 AM .
02/26/2020 09:02 AM ..
02/17/2020 02:43 PM Archive
02/17/2020 06:47 PM 71 queuelog.bat
1 File(s) 71 bytes
3 Dir(s) 413,241,344 bytes free

Here is the log...

You can see "1 File(s)"... so I have to parse the log content and look for the file count. If the file count is greater than 1, I want to generate the alerts.

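One way to do what the last post asks, extracting the number in front of "File(s)" and keeping only events where it exceeds 1. This is an added example, not a search posted in the thread; `<your_index_name>` and `<your_sourcetype>` are placeholders for your own values, and the regex assumes each line of the dir output is indexed as its own event.

```spl
index=<your_index_name> sourcetype=<your_sourcetype> "File(s)"
| rex field=_raw "^\s*(?<file_count>\d+)\s+File\(s\)"
| where tonumber(file_count) > 1
| table _time source file_count
```

Save this search as an alert with the trigger condition "Number of results is greater than 0"; the "Dir(s)" line is not matched because the regex requires the literal "File(s)".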