Created
October 18, 2013 08:00
A Splunk search which you can schedule and alert on (e.g. if number of events > 0) to let you know if any of your servers are generating large volumes of log data.
We use this at work in a suite of alerts which help us identify problems or potential security violations quickly and easily.
To this end, you'll probably want to add to this search t…
index="_internal" source="*metrics.log" per_host_thruput | chart sum(kb) by series | rename sum(kb) as KBLogged | eval MBLogged=round(KBLogged/1024,1) | fields series MBLogged | search MBLogged>3 | sort -MBLogged
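The gist gives the search but not the scheduling and alerting around it. The savedsearches.conf stanza below is an added example, not part of the gist, showing one way to wire the search up as a scheduled alert that fires when the search returns any rows (number of events > 0). The stanza name, the 15-minute cron schedule and dispatch window, the email recipient placeholder and the severity are assumptions; note that the 3 MB threshold in the search applies to whatever dispatch window you choose, so a shorter window needs a lower threshold. In per_host_thruput rows, the series field is the host name, so each returned row is one host over the limit.

```ini
# savedsearches.conf (added example, not from the gist).
# Assumes: 15-minute schedule, matching dispatch window, email action.
[High log volume per host]
search = index="_internal" source="*metrics.log" per_host_thruput \
| chart sum(kb) by series \
| rename sum(kb) as KBLogged \
| eval MBLogged=round(KBLogged/1024,1) \
| fields series MBLogged \
| search MBLogged>3 \
| sort -MBLogged

# Run every 15 minutes over the preceding 15 minutes
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now

# Trigger when the search returns more than zero results
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1

# Notify by email; recipient is a placeholder
action.email = 1
action.email.to = REPLACE_WITH_RECIPIENT@example.com
action.email.subject = Splunk alert: $name$
```

Place the stanza in the local/ directory of the app that should own the alert and restart or reload Splunk; the triggered alerts view will then list each run that found at least one host above the threshold.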