Hello,
I have a slightly more twisted requirement than yours. Hoping someone can help me with it.
We have multiple files, with different arrival times, that get created at a common location.
I've created a CSV lookup file xyz.csv in Splunk which has the following rows in it:
    file_Name  extension_of_the_File  file_id  file_Starting_Name
    1          a                      tg       a
    2          b                      tg       b
    3          c                      tg       c
    4          d                      tg       d
I want to see all the results, and alert if files a and b are not received by a specific time X and files c and d are not received by a specific time Y. I want to generate an alert based on this query which tells me at which time of the day or hour the file was not received.
My base query looks like this:
    | inputlookup xyz.csv
    | join type=outer file_Starting_Name
        [ search index=index sourcetype=logs /busdata/etc/host/logs/*.tg
          | rex field=_raw "/(?<fileName>\w+)\.flg"
          | rename fileName as file_Starting_Name
          | stats latest(_time) as time by file_Starting_Name, host ]
Thanks 🙂
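One way to turn the base query above into a per-file deadline check, written as an added example and not part of the original post or Splunk's documentation. It assumes constructed deadlines of 09:00 for files a and b and 11:00 for files c and d (the X and Y times in the question), assumes the extracted regex group is named fileName as the rename in the base query implies, and uses append plus stats instead of join so that lookup rows with no matching event survive with an empty received_time:

```spl
| inputlookup xyz.csv
| eval deadline=case(file_Starting_Name="a" OR file_Starting_Name="b", "09:00",
                     file_Starting_Name="c" OR file_Starting_Name="d", "11:00")
| append
    [ search index=index sourcetype=logs earliest=@d latest=now
      | rex field=_raw "/(?<fileName>\w+)\.flg"
      | rename fileName as file_Starting_Name
      | stats latest(_time) as received_time by file_Starting_Name ]
| stats values(deadline) as deadline, max(received_time) as received_time by file_Starting_Name
| eval deadline_epoch=strptime(strftime(now(), "%Y-%m-%d ") . deadline, "%Y-%m-%d %H:%M")
| eval status=case(isnotnull(received_time), "received",
                   now() > deadline_epoch, "missing: deadline passed",
                   true(), "not yet due")
| where status="missing: deadline passed"
| eval deadline=strftime(deadline_epoch, "%Y-%m-%d %H:%M")
| table file_Starting_Name deadline status
```

The subsearch is limited to today (earliest=@d) so that a file that arrived yesterday does not count as received today, and the deadline string is rebuilt into an epoch for today's date before comparing it with now(). Each row that comes out is a file whose deadline has already passed without an event, so scheduling this search to run shortly after X and again shortly after Y, with the alert condition "number of results greater than 0", gives one alert per missed file and names the deadline it missed. The host dimension from the base query is dropped here because the lookup has no host column; add it back to both stats calls if arrival must be checked per host.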