We are monitoring a folder which has multiple ~100 files. Each file is with single line of backup status. I have indexed all the files into splunk. Each line represent below is coming from different source.
10/08/2019 23:00:00,,INC1111,SERVER1,Missed
10/08/2019 22:00:00,,INC2210,SERVER2,Missed
10/08/2019 21:00:00,10/08/2019 21:00:40,INCR2100,SERVER3,Failed 12
10/08/2019 22:00:00,,INC2200,SERVER4,Missed
10/08/2019 21:00:00,10/08/2019 21:00:40,INCR2100,SERVER5,Failed 12
10/08/2019 21:00:00,,INC2100,SERVER6,Missed
10/08/2019 21:00:00,,INC2100,SERVER7,Missed
10/08/2019 21:00:00,10/08/2019 21:00:40,INCR2100,SERVER8,Failed 12
10/08/2019 21:00:00,,INC2100,SERVER9,Missed
10/08/2019 21:00:00,,INC2100,SERVER10,Missed
10/08/2019 20:00:00,10/08/2019 20:05:02,INCR2000,SERVER11,Failed 12
Requirement is to create an individual alert for each line here. Can this be possible with any dynamic query. I can create alert in bulk but that is not the soluation we are looking for.
Is there is any possiblity to create a dynamic alert for each entry above from different files.
Thanks,
Ramu Chittiprolu
↧