Hi,
I want Splunk to continuously monitor a file, say some error log file,
and I will be writing an alert condition, like if some error-specific word is found in the error log, and will configure an action.
For now I am adding data through Settings -> Add Data.
But the file added into Splunk is static; even now, if I change something in the original file, it won't know.
So I want Splunk to monitor the file, like an application created an error log at some location xyz. Splunk should run the scheduled alert by taking the latest copy of that error log from the xyz location instead of the file I added to data.
Please indicate how to achieve this. I am using Splunk with ServiceNow (Splunk Add-on for ServiceNow).
Also, please specify whether there is any way to get data from ServiceNow.
Thanks in advance.