<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Splunk forwarder on linux: parameter format error after adding monitor in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119369#M24811</link>
    <description>&lt;P&gt;Hi,&lt;BR /&gt;
I have installed splunk forwarder on linux which is having symantec Brightmail Gateway.&lt;BR /&gt;
and i tried to forward the data from that machine to splunk indexer that forwarder sending data only one file under the folder.&lt;BR /&gt;
The path which i have given while adding the monitor:&lt;BR /&gt;
'/var/log/mail/symantec/inbound'&lt;BR /&gt;
under the inbound i want to read everything which has extension of type '.gz'&lt;BR /&gt;
i am getting error that is "parameter should be in this format '-parameter value' "&lt;BR /&gt;
while try to give the path like '/var/log/mail/symantec/inbound/*.gz'&lt;BR /&gt;
can anyone tell me why its happening like that&lt;BR /&gt;
please.......&lt;/P&gt;</description>
    <pubDate>Wed, 25 Jun 2014 09:48:38 GMT</pubDate>
    <dc:creator>thambisetty</dc:creator>
    <dc:date>2014-06-25T09:48:38Z</dc:date>
    <item>
      <title>Splunk forwarder on linux: parameter format error after adding monitor</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119369#M24811</link>
      <description>&lt;P&gt;Hi,&lt;BR /&gt;
I have installed splunk forwarder on linux which is having symantec Brightmail Gateway.&lt;BR /&gt;
and i tried to forward the data from that machine to splunk indexer that forwarder sending data only one file under the folder.&lt;BR /&gt;
The path which i have given while adding the monitor:&lt;BR /&gt;
'/var/log/mail/symantec/inbound'&lt;BR /&gt;
under the inbound i want to read everything which has extension of type '.gz'&lt;BR /&gt;
i am getting error that is "parameter should be in this format '-parameter value' "&lt;BR /&gt;
while try to give the path like '/var/log/mail/symantec/inbound/*.gz'&lt;BR /&gt;
can anyone tell me why its happening like that&lt;BR /&gt;
please.......&lt;/P&gt;</description>
      <pubDate>Wed, 25 Jun 2014 09:48:38 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119369#M24811</guid>
      <dc:creator>thambisetty</dc:creator>
      <dc:date>2014-06-25T09:48:38Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk forwarder on linux: parameter format error after adding monitor</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119370#M24812</link>
      <description>&lt;P&gt;If you're adding things from the CLI, you need to make sure that your shell is not expanding wildcards for you. If you do&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;splunk add monitor /var/log/mail/symantec/inbound/*.gz
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;Your shell will expand this into all files that match that. In order to prevent that from happening you need to escape it, for instance by putting it in single quotes.&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;splunk add monitor '/var/log/mail/symantec/inbound/*.gz'
&lt;/CODE&gt;&lt;/PRE&gt;</description>
      <pubDate>Wed, 25 Jun 2014 10:04:50 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119370#M24812</guid>
      <dc:creator>Ayn</dc:creator>
      <dc:date>2014-06-25T10:04:50Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk forwarder on linux: parameter format error after adding monitor</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119371#M24813</link>
      <description>&lt;P&gt;now i want to remove that which i added to monitor earlier.&lt;BR /&gt;
May i konw how to do that.again i will add to monitor as u said&lt;/P&gt;</description>
      <pubDate>Thu, 26 Jun 2014 05:24:28 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119371#M24813</guid>
      <dc:creator>thambisetty</dc:creator>
      <dc:date>2014-06-26T05:24:28Z</dc:date>
    </item>
    <item>
      <title>Re: Splunk forwarder on linux: parameter format error after adding monitor</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119372#M24814</link>
      <description>&lt;P&gt;Like the &lt;CODE&gt;add&lt;/CODE&gt; command there is a &lt;CODE&gt;remove&lt;/CODE&gt; command to remove monitor:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;splunk remove monitor '/var/log/mail/symantec/inbound/*.gz'
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;cheers, MuS&lt;/P&gt;</description>
      <pubDate>Sun, 18 Oct 2015 19:42:20 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Splunk-forwarder-on-linux-parameter-format-error-after-adding/m-p/119372#M24814</guid>
      <dc:creator>MuS</dc:creator>
      <dc:date>2015-10-18T19:42:20Z</dc:date>
    </item>
  </channel>
</rss>

