MSC
Reputation: 1
Create a Splunk alert from a log file when a file with name hello.imp is below 10 bytes
I'm trying to write a Splunk query where it searches for a file called hello.imp from a log file and returns with a output if the file size is below 10 bytes. I have the index and log location but unable to find the exact query. Please help me out in a writing a query and creating an alert out of it.
Upvotes: 0
Views: 411
Answers (1)
RichG
Reputation: 9926
You can get the size of a source file by adding up the sizes of each event within that file. Like this:
index=foo source=bar
| eval size=len(_raw)
| stats sum(size) as TotalSize
Upvotes: 0
Related Questions
- Splunk Alert - custom trigger condition - trigger alert if percentage failure increase by 1% in last 15 minutes
- How can we create splunk alerts using config files?
- Splunk: How to check the logfile size of specific logfiles?
- Alerting in splunk for different thresholds
- Splunk Alert Creation
- Setting up Splunk alerting
- Setting up alerts for metrics in Splunk
- How to make an Alert in Splunk?
- Splunk alert based on the search result value
- splunk check if message contains certain string