topic Re: Multiple Wildcards in inputs.conf in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Multiple-Wildcards-in-inputs-conf/m-p/93646#M19458 <P>The simple wild cards for path are : * and ..., they are automatically replaced by regexes<BR /> see <A href="http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/Specifyinputpathswithwildcards" target="_blank">http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/Specifyinputpathswithwildcards</A></P> <P>It is not recommended to use regexes in the path (need to start to escape any special characters, by example file.txt has to be file\.txt ), instead you can use whitelist and blacklists that can contain regexes.</P> <P>so with your case, <BR /> [monitor:///data/logs/kim/.../*MS?.log.gz]<BR /> has to be something like <BR /> <PRE><BR /> [monitor:///data/logs/kim/...]<BR /> whitelist = .*MS?\.log\.gz<BR /> </PRE></P> <P>while the second should work because it uses only wildcards.<BR /> <PRE><BR /> [monitor:///data/logs/kim/.../<EM>stderr</EM>]<BR /> </PRE></P> Mon, 28 Sep 2020 12:02:32 GMT yannK 2020-09-28T12:02:32Z Multiple Wildcards in inputs.conf https://community.splunk.com/t5/Getting-Data-In/Multiple-Wildcards-in-inputs-conf/m-p/93645#M19457 <P>Hi,</P> <P>Can I use the following expression in my inputs.conf</P> <P>/data/logs/kim/.../<EM>**MS?.log.gz</EM>*</P> <P>Or</P> <P>/data/logs/kim/.../*<STRONG><EM>stderr</EM></STRONG>*</P> Mon, 09 Jul 2012 08:31:53 GMT https://community.splunk.com/t5/Getting-Data-In/Multiple-Wildcards-in-inputs-conf/m-p/93645#M19457 mkelderm 2012-07-09T08:31:53Z Re: Multiple Wildcards in inputs.conf https://community.splunk.com/t5/Getting-Data-In/Multiple-Wildcards-in-inputs-conf/m-p/93646#M19458 <P>The simple wild cards for path are : * and ..., they are automatically replaced by regexes<BR /> see <A href="http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/Specifyinputpathswithwildcards" target="_blank">http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/Specifyinputpathswithwildcards</A></P> <P>It is not recommended to use regexes in the path (need to start to escape any special characters, by example file.txt has to be file\.txt ), instead you can use whitelist and blacklists that can contain regexes.</P> <P>so with your case, <BR /> [monitor:///data/logs/kim/.../*MS?.log.gz]<BR /> has to be something like <BR /> <PRE><BR /> [monitor:///data/logs/kim/...]<BR /> whitelist = .*MS?\.log\.gz<BR /> </PRE></P> <P>while the second should work because it uses only wildcards.<BR /> <PRE><BR /> [monitor:///data/logs/kim/.../<EM>stderr</EM>]<BR /> </PRE></P> Mon, 28 Sep 2020 12:02:32 GMT https://community.splunk.com/t5/Getting-Data-In/Multiple-Wildcards-in-inputs-conf/m-p/93646#M19458 yannK 2020-09-28T12:02:32Z