All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is Website setup dynamic because the name of logging file is changing with time and date?

dban2005
New Member
‎02-27-2018 12:10 PM

We are collecting iis logs from three Windows Web servers for a very large application. Initially I named the sourcetype as iis_default and have just changed to iis to make the files to appear in Website setup of Web Analytics. The sources (log files) have appeared with wildcard filter . Now the problem is the name of the log file is changing every few hours to capture new logs. All the log files are located at D:\IISLogs\PRD\LogFiles\W3SVC, so the examples of log files are as below.
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180225.log
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180226.log
D:\IISLogs\PRD\LogFiles\W3SVC9\x_yz20180227.log

My inputs.conf:

[monitor://D:\IISLogs\PRD\LogFiles\W3SVC*\]
sourcetype = iis
disabled = false
recursive = true
alwaysOpenFile = true
blacklist = .*\.zip$
index = abcd-index.

In the Setup new website section, can I set up as D:\IISLogs\PRD\LogFiles\W3SVC*? If so, is "Configured websites" dynamic? Can it automatically take care when any new log file arrives?

On a separate question: Do I need to setup the lookups and rebuild Data Model Acceleration every time I configure a new website?

0 Karma
Reply

sbrice18
Path Finder
‎04-17-2018 01:08 PM

When we add a new site we do re-run the look-up's, this is how the data gets published in the DM. You are probably aware the rebuild on the DM takes a bit of time. We are still in test phase, so we do rebuild the DM with any changes we apply.

Yes to your first question, it will see the new logs as they rotate into the directory.

0 Karma
Reply

dban2005
New Member
‎02-27-2018 12:20 PM

Correction: All the log files are located at D:\IISLogs\PRD\LogFiles\W3SVC*

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...