https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342136#M63025 <P>there is one entry defined for log inputs. this happens to resolve to (at least) 6 different source files. Each unique file type should have a sourcetype, however these are all assigned to a single sourcetype.</P> <P>I have to create each source type for that source paths</P> Thu, 20 Apr 2017 16:45:09 GMT cleelakrishna 2017-04-20T16:45:09Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342133#M63022 <P>How to develop a regular expression for the below paths to update in transforms.conf?</P> <P>/srv/tomcat7/iiq/logs/sailpoint.log<BR /> /srv/tomcat7/iiq/logs/localhost_access_log.2017-04-19.txt<BR /> /srv/tomcat7/iiq/logs/catalina.out</P> Tue, 29 Sep 2020 13:46:30 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342133#M63022 cleelakrishna 2020-09-29T13:46:30Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342134#M63023 <P>If you're looking to capture the filenames, try this</P> <PRE><CODE> \/src\/tomcat7\/iiq\/logs\/(.*) </CODE></PRE> <P>Or if you're extracting as a field</P> <PRE><CODE> \/src\/tomcat7\/iiq\/logs\/(?&lt;fileName&gt;.*) </CODE></PRE> Thu, 20 Apr 2017 16:27:33 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342134#M63023 jkat54 2017-04-20T16:27:33Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342135#M63024 <P>What you want to do with these path in the transforms.conf? Search time or index time?</P> Thu, 20 Apr 2017 16:28:12 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342135#M63024 somesoni2 2017-04-20T16:28:12Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342136#M63025 <P>there is one entry defined for log inputs. this happens to resolve to (at least) 6 different source files. Each unique file type should have a sourcetype, however these are all assigned to a single sourcetype.</P> <P>I have to create each source type for that source paths</P> Thu, 20 Apr 2017 16:45:09 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342136#M63025 cleelakrishna 2017-04-20T16:45:09Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342137#M63026 <P>In props.conf:</P> <PRE><CODE>[YourSourcetypeHere] REPORT-filename_from_source = filename_from_source </CODE></PRE> <P>In transforms.conf:</P> <PRE><CODE>[filename_from_source] SOURCE_KEY = source REGEX = [^\\\/]+$ FORMAT = finename::$1 </CODE></PRE> Thu, 20 Apr 2017 18:15:16 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342137#M63026 woodcock 2017-04-20T18:15:16Z https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342138#M63027 <P>cleelakrishna,</P> <P>If one of the below answers resolved your issue, could you please mark it Accepted? If they both did, Accept the most useful of the answers and upvote the other!</P> <P>If it did not, please post back with more information or what's not working right so we can help finish this up!</P> <P>Happy Splunking,<BR /> Rich</P> Sun, 16 Jul 2017 18:42:06 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-develop-a-regular-expression-for-my-file-paths-to-update/m-p/342138#M63027 Richfez 2017-07-16T18:42:06Z