https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301838#M90881 <P>Thanks for the response. I had tried that, but it didn't work. After creating and assigning a new index, it started to work.</P> Mon, 10 Jul 2017 04:03:22 GMT beat_grob 2017-07-10T04:03:22Z https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301836#M90879 <P>I am trying to add a directory input monitor to Splunk. In this directory I have many different CSV files. Since there are different types of CSV files in there, I'd like to create a data input for each CSV type.</P> <P>The file I am trying to filter is named like this:<BR /> 11046819.2017-07-07_23-26-33.messages.csv<BR /> 11046868.2017-07-08_00-58-38.messages.csv</P> <P>The files I am trying to avoid are named like this:<BR /> 11046868.1.2017-07-08_15_23_01.transform_properties.cfg.csv<BR /> 11046868.1.2017-07-08_15_23_01.print_properties.cfg.csv<BR /> 11046868.1.2017-07-08_15_23_01.positional_attributes.csv<BR /> 11046868.1.2017-07-08_15_23_01.policy_properties.cfg.csv</P> <P>Currently there are 8753 files in the directory, of which only 1094 are relevant. My Splunk Data Input configuration looks like this:<BR /> <IMG src="https://community.splunk.com/storage/temp/207766-8b1f0570-dc10-491f-a9f6-3b266fece154.jpg" alt="data input configuration" /></P> <P>After creating the input it shows me that it found 8753 files (amounting to the total number of files in that directory). However, it did not index any records, when I search for entries from that input type, no record is being displayed.</P> <P>If I remove the whitelist regex all files are being indexed and I can see them in the log viewer. But that doesn't allow me to create different extraction strategies for the different CSV file types.</P> <P>I have also tried using "*.messages.csv" and "*messages.csv", all of which produce the same outcome. What am I doing wrong?</P> Tue, 29 Sep 2020 14:49:11 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301836#M90879 beat_grob 2020-09-29T14:49:11Z https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301837#M90880 <P>These two regex strings work on regex101.com with your sample file names. </P> <PRE><CODE>.*\.messages\.csv \d+\.\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}\.messages\.csv </CODE></PRE> Sun, 09 Jul 2017 18:06:32 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301837#M90880 richgalloway 2017-07-09T18:06:32Z https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301838#M90881 <P>Thanks for the response. I had tried that, but it didn't work. After creating and assigning a new index, it started to work.</P> Mon, 10 Jul 2017 04:03:22 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Data-Input-Whitelist-Regex-not-matching/m-p/301838#M90881 beat_grob 2017-07-10T04:03:22Z