Solved: Difference between monitor and fschange

Nicholas_Key · ‎04-29-2010

[1] May I know what are the differences between using monitor or fschange?

[2] Is there a documentation about fschange? If there isn't, how do I make use of it?

Simeon · ‎04-29-2010

[link text][1]Monitor is intended to be the input method for live log files that you continuously write data to. The fschange input method is intended to monitor a change in the filesystem. A basic example for each item:

use monitor for a web log file or java app log file
use fschange for a system file or configuration file

For more details you can read the documentation here:

http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories

http://www.splunk.com/base/Documentation/latest/Admin/Monitorchangestoyourfilesystem

View solution in original post

Simeon · ‎04-29-2010

[link text][1]Monitor is intended to be the input method for live log files that you continuously write data to. The fschange input method is intended to monitor a change in the filesystem. A basic example for each item:

use monitor for a web log file or java app log file
use fschange for a system file or configuration file

For more details you can read the documentation here:

http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories

http://www.splunk.com/base/Documentation/latest/Admin/Monitorchangestoyourfilesystem

mikelanghorst · ‎01-25-2012

Current Link:
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorfilesanddirectories
http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorchangestoyourfilesystem

Since those links currently fail for me

Difference between monitor and fschange

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!