Is it possible to use regex in the file_path setting for the File/Directory Information Input app.
Here is what I am trying to get to
I have tried
I have also tried several different regex options for *.cdi_Error1. To many to list.
When I try the above options I am receiving this message in the filemetadatamodularinput.log
Not sure why the 2nd message shows it was complete but it definitely did not pull in the information.
I also tried using whitelist
But then I get this message
I know that I can set the filepath setting to E:\Folder\Folder2 and set recurse = 1 but this then pulls in some 50000 files and I only need the .cdiError1 files.
I also know that if I pull in the 50000 files I can just use logic in the search parameters to filter out only the .cdi_Error1 files but this server is already heavily used and I do not want to put more stress on it by grabbing metadata for 50000 files. Plus its just a lot of data that I do not need to index.
I did try restarting splunk on both the indexer, search head and forwarder many times but it did not help.
Any help is appreciated. Thank you
ohk.. that File/Directory Information Input was built by Luke Murphey.
as per the above reply from Luke Murphey, Regular expressions and wild-cards are not currently supported.