Solved: Reading from a specific log file

rsmall13 · ‎03-15-2021

Hi, I am very new to Splunk. I would like to know how to search just the latest log file from the below screenshot. (i.e. the current days file only)

At the moment I have the below search query , but this is pulling all the files so I'm just not sure how of the syntax for adding the current days date string. Ultimately I am looking to find errors real time which send an alert.

source="d:\\logs\\gmoaisfabricsync\\fabricsyncservice-*.txt"

Cheers,
Rob

gcusello · ‎03-15-2021

Hi @rsmall13,

if every file contains only events of a specific day, you could use your search restricting the time period of your search (e.g. today, or yesterday or the last 24 hours).

Only one hint: use always the index condition to have faster searches.

Ciao.

Giuseppe

View solution in original post

rsmall13 · ‎03-15-2021

Ok thanks, that should work! I am also using an index as well.

index="test_apps" AND sourcetype="gao" source="D:\\logs\\GmoAisFabricSync\\FabricSyncService-*.txt"

gcusello · ‎03-15-2021

Hi @rsmall13,

good for you!

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎03-15-2021

Hi @rsmall13,

if every file contains only events of a specific day, you could use your search restricting the time period of your search (e.g. today, or yesterday or the last 24 hours).

Only one hint: use always the index condition to have faster searches.

Ciao.

Giuseppe

Reading from a specific log file

eval

regex

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?