Please guide me, in steps, how to add a log file whose name is appended with the current date.
How and where do I add a log file, e.g. abc.2010.2.24.log (today), abc.2010.2.25 (tomorrow)? Do I need to add the log file daily?
Please do not use all caps in your questions.
I have to search for a string in the log file, so I am not very sure what I should add in the search command.
For example, I have to search for "exception" in the abc.2011.3.3.log file, which is located at sername/common/abc/abc.2011.3.3.log.
Now in Manager » Data inputs » Files & Directories » New I gave the path name as \sername\common\abc. Is this fine? Also, in Manager » Searches and reports » New I gave "exception " source="\\sername\domains\common\abc", ticked the "Schedule this search" checkbox, set up alert conditions, chose "include results in email" and specified the email IDs. However, I did not get any email, and I am not sure whether I set up the alert correctly or not.
Please help me.
deepti123: Do you read the comments? Close this thread, and open a NEW one!
The best way to do it: go back to the search app. There, type your search command. On the upper right-hand side is a "save search" symbol (your command will automatically be included). Set the time range, tick "Schedule this search" and set when it should run, then type in your email etc. (make sure the server Splunk runs on has sendmail configured).
Finally, you save it, and it will be found under Manager » Searches and reports.
PS: Next time, please close the thread and open a new one. We're switching from "appending files" to "saved searches & reports", just to keep the topics tidy!
Also, in Manager » Searches and reports » New I need to add the path of my log file, which I have entered as //servername/test. In test I have abc.28.2.2011.log, which I want to monitor.
And then in Manager » Data inputs » Files & Directories » New I added servername/test, and in whitelist I added abc*log.
Now, will Splunk send me an email after monitoring the log files inside the test directory daily?
Please help me with the above.
Actually, my log files are in the same directory. Also, in Manager<
Is there any provision for including a log file which is appended with systemdate.log?
No, you don't!
If your log files are all in the same directory, monitor the whole directory (e.g.):
On the UI: Manager » Data inputs » Files & Directories » Add New
That's it. But if you have other files in that directory that you don't want to monitor, do the following on the UI:
The whitelisting option now picks up all abc*log files, but not dbc*log, or whatever.
Thanks for the quick reply. I'll try this.
OK, if your file abc_23_02_2011.log comes in today, it'll be read by Splunk. The same happens tomorrow with the file abc_24_02_2011.log. Splunk monitors the whole directory, which means every new file will be read into Splunk. To your question: yes, Splunk handles this by itself, and no, you don't have to add any other config params.
Hi, I am quite new to Splunk. In our file system, one log file is generated per day, appended with the date, e.g. abc_dd_mm_YYYY. I want Splunk to monitor only the file generated for that day, e.g. on 23 Feb I want Splunk to monitor only the file with 23_02 appended at the end. Will Splunk automatically handle this, or do we have to add configuration parameters?
deepti123: not sure what exactly you mean by: Is there any provision for including a log file which is appended with systemdate.log?
Not sure what you're after here.
Splunk doesn't itself create any log files from external data, the only log files it creates are those related to Splunk's own operation.
If what you mean is that you have a directory, say, /var/log/mylogs, consisting of log files that are rotated so that a new log file is created with a date appended to its name, you just have to tell Splunk to index the whole directory /var/log/mylogs instead of each individual file in that directory.
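As an added example that is not part of the original thread, here is what the two UI procedures given in the replies above (a directory monitor with a whitelist, and a scheduled search that e-mails when "exception" turns up) look like in Splunk's own configuration files, which is what Manager writes for you. The directory path, sourcetype, stanza name, schedule and e-mail addresses are assumptions. Two points the thread does not spell out: the whitelist is a regular expression matched against the full file path, not a shell glob, and the `source` field holds the full path of each file, so a search restricted by `source` needs a wildcard; a value equal to the directory name alone matches nothing.

```ini
# --- $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Monitor the whole directory: every new dated file (abc_23_02_2011.log,
# abc_24_02_2011.log, ...) is picked up with no daily reconfiguration.
# The path and the sourcetype are assumptions for this example.
[monitor:///var/log/mylogs]
# Regex matched against the full path; only abc_*.log is read, so dbc_*.log
# and anything else in the directory is ignored.
whitelist = abc_.*\.log$
sourcetype = abc_app
index = main
# Splunk identifies a file by a CRC of its first bytes. Daily files that all
# start with the same header would otherwise be mistaken for one file that
# was already read; salting the CRC with the path keeps each day distinct.
crcSalt = <SOURCE>
disabled = false

# --- $SPLUNK_HOME/etc/system/local/savedsearches.conf ---
# Scheduled search that e-mails when "exception" appears in the monitored
# files. source is the full file path, hence the wildcard. The stanza name,
# cron schedule and recipient are assumptions.
[abc exception alert]
search = source="/var/log/mylogs/abc_*.log" exception
# Each daily run looks back over the previous 24 hours.
dispatch.earliest_time = -24h
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 7 * * *
# Fire the alert when the search returns at least one event.
counttype = number of events
relation = greater than
quantity = 0
action.email = 1
action.email.to = ops@example.com
action.email.sendresults = 1
action.email.inline = 1

# --- $SPLUNK_HOME/etc/system/local/alert_actions.conf ---
# The e-mail action only works if the Splunk server can hand mail to an
# SMTP server (the poster's sendmail remark). localhost is an assumption.
[email]
mailserver = localhost
from = splunk@example.com
```

After editing, restart splunkd and confirm what the running configuration actually resolved to with `splunk btool inputs list --debug` and `splunk btool savedsearches list --debug`; a whitelist typo or a stanza that landed in the wrong app is the usual reason an expected file or e-mail never shows up.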