I've had a splunk install on windows working great & now I've moved to an Ubuntu & having
problems just with my host_regex in inputs.conf.
My windows regex worked great.
Moved to Ubuntu & looks like
host_regex = \/\/NFS\/LOGS/\getdisks\/(\S+)-DISK.txt$
files look like this.
it really doesnt give you a hint where your going wrong. I've pumped it into
a REGEX tester & it seems right. I know it should work.
Anyone care to throw in something else to try?
host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$
finally tried enough & it worked
View solution in original post