I have created a CSV which contains all the log files that are required. I want to create an alert if any log file is not updated for 2 days.
You can create a new alert using Settings > Searching, report and Alert section.
In the alert Serach, you can write a simple Search to get receive data in regard to the logs for the time frame of 2 days.
In the Alert Trigger Condition, check the Number of Results=0
And set the Trigger Action as Email and give the relevant details for the email alerts..
This won't scale at all.. What happens when you have 100TB/day deployment with millions of logs you're monitoring?
This is going to be difficult to maintain. You should checkout MetaWoot instead
yup i ll try that but if i want to do it by normal method what query i should use
Once again, your begging for problems by wanting to do it "the normal way". You will have many false alerts, have to maintain a lookup when adding new sources etc..
ok then i ll install the app and will do that
MetaWoot can monitor the tsidx files at the host level and make managing this much easier. Please upvote/accept if this answered your question