ok, my sources use syntax like \dir\dir\...\log so that it recursively finds all of my log files.
but now i see this in Splunk errors report (splunk v4.3.1 for linux)
03-19-2012 13:11:32.755 -0400 ERROR TailingProcessor - matching /logs/syslog/ironports/hostA/2012/03/ against ^/logs/syslog/ironports/.*/log$
so why the tailing error? kinda a silly event as it gives no info as to what the error was.
why does this report show a modified regex for the dir path? me personally, i dont like configs to look like one thing in one place and something else in another place. so instead of using ... in my source paths i should use .* ?? (question marks to indicate this is a question, etc)