Hi,
we need to trigger a script that makes an SQL insert and this script needs to be triggered when a file is loaded inside Splunk, i.e.:
Thanks and best regards,
Guido.
@martin_mueller
Thank you for the answer but I do not understand what you mean by "LicenseUsage". I've worked with other SIEM products but I'm a Splunk newbie.
I thought to exploit the real-time search in the following manner. If I insert a bait with a string appended to the file like this:
SIEM_SOME_UNIQUEID_END_OF_LOG_filename_date_time.dat
and define an alert that runs the script when I find a record with this string and triggers the execution of a script by using the following features:
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Monitorfilesanddirectories
What do you think?
Detecting the deletion may be hard to do, however you can try fiddling with Metrics and LicenseUsage from _internal for sources that match your upload dir. Those may or may not approximate what you need.