
Alert when a directory or subdirectory does not have a file that was created today

indeed_2000
Motivator

Hi

I have a file server, and every day the backups of the servers are copied to that server under the path below:

/backup/files/

/backup/files/server1/$DATE.zip

/backup/files/server2/$DATE.zip

...

 

How can I trigger this with Splunk: every day, check that path, and whenever one server has not copied its backup files, Splunk alerts me.

E.g. the backup file is ready every night at 04:00; every morning at 07:00 AM, check that path, and if it finds a directory that does not have a file that was created today, alert me.

Any idea?

Thanks,

0 Karma

inventsekar
SplunkTrust

Hi @indeed_2000 
How can I trigger this with Splunk: every day, check that path, and whenever one server has not copied its backup files, Splunk alerts me.

You should write a simple query like index=main host=hostname | stats count

and save it as an alert. On the alert, add a condition that if the count is "zero" (the hostname has not sent backup files), then it sends you an email notification.

Thanks and best regards,
Sekar

PS - If this or any post helped you in any way, please consider upvoting. Thanks for reading!
0 Karma

indeed_2000
Motivator

Is there any way to create a table that shows two columns like this?

server                                 Status
/backup/files/server1/$DATE.zip        Success
/backup/files/server2/$DATE.zip        Failed

0 Karma

indeed_2000
Motivator

Would you please show me a real example?

0 Karma
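
An added example, not from any poster in this thread and not Splunk's own code: a Python script that walks /backup/files and reports Success or Failed per server directory, in the two-column shape asked for above. It assumes "created today" means a local-time modification date of today and that an empty .zip counts as a failure; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report, per server directory, whether a backup file was written today.

Assumptions (not from the thread): "created today" is judged by file
modification time in local time, and an empty file counts as a failure.
"""
import os
import sys
from datetime import date, datetime

BACKUP_ROOT = "/backup/files"  # path from the question


def backup_status(root, today=None):
    """Return (server_dir, status, newest_file) for each subdirectory, sorted by name."""
    today = today or date.today()
    rows = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        newest = None  # (mtime, name) of the newest non-empty .zip written today
        for f in os.scandir(entry.path):
            if not (f.is_file(follow_symlinks=False) and f.name.endswith(".zip")):
                continue
            st = f.stat(follow_symlinks=False)
            written_today = datetime.fromtimestamp(st.st_mtime).date() == today
            if written_today and st.st_size > 0:
                if newest is None or st.st_mtime > newest[0]:
                    newest = (st.st_mtime, f.name)
        status = "Success" if newest else "Failed"
        rows.append((entry.path, status, newest[1] if newest else ""))
    return rows


def format_events(rows, now=None):
    """One key=value line per server, a form Splunk extracts fields from automatically."""
    stamp = (now or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    return [f'{stamp} server="{path}" status={status} file="{name}"'
            for path, status, name in rows]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else BACKUP_ROOT
    print("\n".join(format_events(backup_status(root))))
```

Run from cron or as a Splunk scripted input shortly before the 07:00 check, the indexed lines can be shown with server and status columns, and an alert can fire on any event with status=Failed.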