All Apps and Add-ons

Need help w/ Ubuntu host_regex

clintla
Communicator

I've had a splunk install on windows working great & now I've moved to an Ubuntu & having
problems just with my host_regex in inputs.conf.

My windows regex worked great.

Moved to Ubuntu & looks like
host_regex = \/\/NFS\/LOGS/\getdisks\/(\S+)-DISK.txt$

files look like this.

/NFS/LOGS/getdisks/LOC1-Server1-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-1-DISK.txt

/NFS/LOGS/getdisks/LOC3-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC1-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-3-DISK.txt

it really doesnt give you a hint where your going wrong. I've pumped it into
a REGEX tester & it seems right. I know it should work.

Anyone care to throw in something else to try?

1 Solution

clintla
Communicator

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

View solution in original post

clintla
Communicator

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

View solution in original post