Hello Community,
Rookie here
I am looking for some ideas to just monitor a directory for incoming and outgoing files and not the actual data with in the files. I am wanting to see if I can project this data to a dashboard with the names of files that have come in and processed.
/opt/splunk/input/test_in
/op/splunk/output/test_out
Is it possible with in Splunk, I believe Splunk may be an overkill but I want to see if I can achieve it.
I am in my demo environment, installed splunk server, created an index, installed forwarder on my remote unix server, configured the inputs/outputs files, connected it to the indexer and I see it reporting.
Please let me know.
Cheers !
Yes, you can try it in your lab. Understand, however, that fschange could do away in any upcoming Splunk release. Also, it's not necessary for your script to emulate fschange. You can make the output be anything useful to you - then build the dashboard around that.
There is the fschange input, but it's deprecated so not recommended. Aside from that, all you can do is write a script to do the monitoring and report results to Splunk.
Thanks Rich.
can I still try fschange in my lab environment, I want to see how it presents on that dashboard so that I can get some idea of how the script output will need to look like ?