I'm new to Splunk and have been doing a lot of reading and browsing Splunkbase.
I need to create an Alert to run every 30 minutes to monitor the file size of all the log files in a directory (/u01/app/psoft/logs/ERPRD).
These log file names aren’t static as new ones are created when a user runs a query.
If any of the log files are > 500MB, the Alert will fire an email.
Any detailed help or reference links would be appreciated.
You could write a scripted input that calls ls -l on the monitored directory, and filter the result based on the file size listed.
For reference you can take a look at the *NIX app, it contains many scripted inputs that basically call a single command such as ps, df, etc.
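The scripted input described above, written out as an added example (not code from the answer author or from the *NIX app). It assumes the script lives at a hypothetical path under $SPLUNK_HOME/etc/apps, that the `inputs.conf` stanza and alert search in the comments are how you would wire it up, and that `LOG_DIR` and `THRESHOLD_BYTES` are names chosen here; the directory defaults to the one in the question and the threshold to 500 MB.

```shell
#!/bin/sh
# Added example: a Splunk scripted input that reports log file sizes.
# Assumed script location (hypothetical): $SPLUNK_HOME/etc/apps/search/bin/log_sizes.sh
#
# Assumed inputs.conf stanza to run it every 30 minutes:
#   [script://$SPLUNK_HOME/etc/apps/search/bin/log_sizes.sh]
#   interval = 1800
#   sourcetype = log_file_sizes
#
# Assumed alert search (saved search, every 30 minutes, action: send email):
#   sourcetype=log_file_sizes size_bytes>524288000 | table _time file size_bytes

LOG_DIR="${LOG_DIR:-/u01/app/psoft/logs/ERPRD}"
THRESHOLD_BYTES="${THRESHOLD_BYTES:-524288000}"   # 500 MB = 500 * 1024 * 1024

# Emit one key=value event per regular file in the directory.
# `ls -l` column 5 is the size in bytes on both GNU and BSD ls; fields 9..NF are
# rejoined so file names containing spaces are kept intact.
list_log_sizes() {
    dir="$1"
    ls -l "$dir" | awk '
        /^-/ {
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            printf "file=\"%s\" size_bytes=%s\n", name, $5
        }'
}

# Print only the events whose size_bytes is strictly greater than the limit.
# Exit status is 0 when at least one oversized file was found, 1 otherwise,
# so the same function works as a cron-driven check outside Splunk.
oversized_logs() {
    dir="$1"; limit="$2"
    list_log_sizes "$dir" | awk -v limit="$limit" '
        {
            split($NF, kv, "=")            # last field is size_bytes=<n>
            if (kv[2] + 0 > limit + 0) { print; found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# Number of oversized files, as a plain integer.
count_oversized() {
    oversized_logs "$1" "$2" | wc -l | tr -d ' '
}

# When Splunk runs the script, everything written to stdout is indexed.
if [ -d "$LOG_DIR" ]; then
    list_log_sizes "$LOG_DIR"
fi
```

Splunk indexes every line the script prints, so the filtering by size is best left to the alert search (the `size_bytes>524288000` clause above) rather than done in the script: that way the indexed data also answers "how fast are these logs growing" without changing the input. `oversized_logs` is included for running the same check from cron or by hand.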