Re: How to Monitor the latest timestamp of the log...

Amit79 · ‎07-08-2023

Below is my log file details

index="idx_rwmsna" sourcetype=st_rwmsna_printactivity source="E:\\Busapps\\rwms\\mna1\\geodev12\\Edition\\logs\\DEFAULT_activity_1.log"

I tried multiple ways but I am unable to make this work using below splunk query appreciate response on this

| tstats latest(_time) as updated_time where index="idx_rwmsna" source="E:\\Busapps\\rwms\\mna1\\geodev12\\Edition\\logs\\DEFAULT_activity_1.log" host=ATLWMSVP44
| eval status=if(updated_time>(now()-60),"ko","ok")

The problem is with above query, if file updation stopped before the triggering time of the alert its not fetching the updated_time and its not processing further.

Can someone please help how to handle this , please consider this on priority

Regards

Amit

gcusello · ‎07-08-2023

Hi @Amit79,

what's the difference (but the title) of your previous question at https://community.splunk.com/t5/Alerting/Need-help-with-alert/m-p/649714#M15194?

Ciao.

Giuseppe

Amit79 · ‎07-09-2023

Hello Sir,

I have put the details in this post and why this splunk query is not working for me.

I am trying to see if for this case alert generation is possible or no ?

If its possible please let me know how can I do it.

Regards

Amit

gcusello · ‎07-09-2023

Hi @Amit79,

they seem to be the same!

Anyway, did yu tested my solution in the other amswer?

Ciao.

Giuseppe

How to Monitor the latest timestamp of the log file using source?

monitor

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!