Hi,
I'm trying to get alerts on Splunk every time I get a new entry with text 'No space left on device' in a log file.
Here's a sample:
April 06, 2016 10:28 -> ERROR -> Setting projects/apq8084-la-1-2-mdm9635m-tn-1-0_r121032d-1cadence1_synccode-system to erred, Sync error Warning: Permanently added 'host' (ECDSA) to the list of known hosts.^M
stty: standard input: Invalid argument
remote: fatal: fsync error on './objects/pack/tmp_pack_MXkovr': No space left on device^[[K
error: unpack failed: index-pack abnormal exit
My search:
host=servername source=/usr/sync.log No space left on device latest=-24h
How do I do the search to display only the newest entry based on the text displayed (in the case above, that will be April 06, 2016)? By setting the search like above, I'm getting alerts regarding that same alert.
Thanks
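As an added illustration (not the poster's code or search) of the "newest matching event only" logic the question asks for: the Python below groups the post's multi-line log format into events by their leading timestamp, picks the newest event containing the phrase, and reports it only if it falls inside the last 24 hours, which is what a Splunk time modifier of earliest=-24h expresses (latest=-24h selects events older than 24 hours). The sample log and the reference time "now" are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample mirroring the multi-line event layout shown in the post
# (a timestamped "-> ERROR ->" line followed by untimestamped git/ssh output).
SAMPLE_LOG = """April 05, 2016 09:00 -> ERROR -> Setting projects/foo to erred, Sync error
remote: fatal: fsync error on './objects/pack/tmp_pack_abc': No space left on device
error: unpack failed: index-pack abnormal exit
April 06, 2016 10:28 -> ERROR -> Setting projects/bar to erred, Sync error Warning: Permanently added 'host' (ECDSA) to the list of known hosts.
stty: standard input: Invalid argument
remote: fatal: fsync error on './objects/pack/tmp_pack_MXkovr': No space left on device\x1b[K
error: unpack failed: index-pack abnormal exit
April 06, 2016 11:00 -> INFO -> Setting projects/baz to synced
"""

# A line that starts with "Month DD, YYYY HH:MM -> " opens a new event.
TS_RE = re.compile(r"^([A-Z][a-z]+ \d{2}, \d{4} \d{2}:\d{2}) -> ")
PHRASE = "No space left on device"


def split_events(text):
    """Group raw lines into (timestamp, body) events, stripping ANSI escapes and CRs."""
    events = []
    for raw in text.splitlines():
        line = re.sub(r"\x1b\[[0-9;]*[A-Za-z]|\r", "", raw)
        m = TS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%B %d, %Y %H:%M")
            events.append([ts, [line]])
        elif events:  # continuation line belongs to the most recent event
            events[-1][1].append(line)
    return [(ts, "\n".join(body)) for ts, body in events]


def newest_disk_full(text, now, window=timedelta(hours=24)):
    """Return the newest matching event's timestamp if it is within `window` of `now`, else None."""
    hits = [ts for ts, body in split_events(text) if PHRASE in body]
    if not hits:
        return None
    newest = max(hits)
    return newest if now - newest <= window else None
```

Alerting on the return value (rather than on every event the search returns) is what stops the same old entry from re-firing the alert.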