https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85767#M17830 <P>Try blacklisting the rolled/gzipped logs:</P> <P>$SPLUNK_HOME/etc/apps/unix/local/inputs.conf:</P> <PRE><CODE>[monitor:///var/log] disabled = 0 _blacklist = (lastlog|radius\.log.+) </CODE></PRE> Tue, 09 Nov 2010 01:49:32 GMT ziegfried 2010-11-09T01:49:32Z https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85766#M17829 <P>Using the Unix App, monitoring Radius log files. /var/log/radius/radius.log Current log file gets renamed and gzipped. Splunk is indexing radius.log but also indexing radius.log-20101105 and radius.log-20101105.gz.</P> <P>Suggestions? Thanks.</P> Tue, 09 Nov 2010 01:29:14 GMT https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85766#M17829 eelisio2 2010-11-09T01:29:14Z https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85767#M17830 <P>Try blacklisting the rolled/gzipped logs:</P> <P>$SPLUNK_HOME/etc/apps/unix/local/inputs.conf:</P> <PRE><CODE>[monitor:///var/log] disabled = 0 _blacklist = (lastlog|radius\.log.+) </CODE></PRE> Tue, 09 Nov 2010 01:49:32 GMT https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85767#M17830 ziegfried 2010-11-09T01:49:32Z https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85768#M17831 <P>That worked but only for the radius.log file. Modified the blacklist value to include a more generic form that also covered other log files in /var/log/ with the same naming convention (<CODE>filename.log-&lt;somedate&gt;[.gz|.bz2]</CODE>)</P> <P>_blacklist=(lastlog|(.log-\d{8}.*)$)</P> <P>Used the command 'splunk list monitor | grep filename' to confirm the dated files were no longer being monitored, which seems to be the best way to test that the syntax is correct. Thanks for the help!</P> Wed, 10 Nov 2010 02:32:46 GMT https://community.splunk.com/t5/Getting-Data-In/Duplicate-files-being-indexed/m-p/85768#M17831 Jason_1 2010-11-10T02:32:46Z