monitor_unsuccessful_backups.yml
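# Baseline search: per-day count and list of hosts whose backup logs contain
# a failure message. Backups are the recovery path after a destructive
# incident, so the point of this baseline is to learn the normal failure rate
# before deciding when a change in it deserves investigation.
baseline:
  splunk:
    schedule:
      # NOTE(review): no cron expression is given, so this entry does not say
      # how often the search runs; confirm how the consumer treats ''.
      cron_schedule: ''
      # Window: 30 days ago (snapped to the start of that day) up to 10
      # minutes ago. The newest daily bucket is therefore partial and can
      # read lower than a full day.
      earliest_time: '-30d@d'
      latest_time: '-10m@m'
    # Only events containing the exact quoted phrase are counted; failures
    # logged with different wording are not matched by this search.
    # Results are grouped by day AND by MESSAGE, so a single day can yield
    # several rows. "count" is the number of distinct COMPUTERNAME values in
    # a row and "dest" lists them.
    search: >-
      sourcetype="netbackup_logs" "An error occurred, failed to backup."
      | bucket _time span=1d
      | stats dc(COMPUTERNAME) as count values(COMPUTERNAME) as dest
      by _time, MESSAGE
creation_date: '2017-08-24'
data_metadata:
  data_source:
    - Backup Logs
  data_sourcetypes:
    - netbackup_logs
  providing_technologies:
    - Netbackup
description: >-
  This search is intended to give you a feel for how often backup failures
  happen in your environments. Fluctuations in these numbers will allow you to
  determine when you should investigate.
eli5: >-
  This search gives you the count and hostname of all the systems that had a
  backup failure each day
# The search reads only the netbackup_logs sourcetype. If those logs stop
# arriving, it returns no failures, which looks the same as healthy backups;
# monitor ingestion of this sourcetype separately.
how_to_implement: >-
  To successfully implement this search you must be ingesting your backup logs.
id: b2178fed-592f-492b-b851-74161678aa56
# NOTE(review): left empty. Record the benign causes of failure messages seen
# in your environment once the baseline has run for a while.
known_false_positives: ''
maintainers:
  - company: Splunk
    email: davidd@splunk.com
    name: David Dorsey
modification_date: '2017-09-12'
name: Monitor Unsuccessful Backups
original_authors:
  - company: Splunk
    email: davidd@splunk.com
    name: David Dorsey
spec_version: 2
type: splunk
version: '1.0'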