Solved: Need help w/ Ubuntu host_regex

clintla · ‎11-10-2011

I've had a splunk install on windows working great & now I've moved to an Ubuntu & having
problems just with my host_regex in inputs.conf.

My windows regex worked great.

Moved to Ubuntu & looks like
host_regex = \/\/NFS\/LOGS/\getdisks\/(\S+)-DISK.txt$

files look like this.

/NFS/LOGS/getdisks/LOC1-Server1-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-1-DISK.txt

/NFS/LOGS/getdisks/LOC3-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC1-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-3-DISK.txt

it really doesnt give you a hint where your going wrong. I've pumped it into
a REGEX tester & it seems right. I know it should work.

Anyone care to throw in something else to try?

clintla · ‎11-10-2011

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

clintla · ‎11-10-2011

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

Need help w/ Ubuntu host_regex