I have the following files that are being monitored on a server with a universal forwarder.
/var/log/www1/secure.log
/var/log/www1/access.log
/var/log/www2/secure.log
/var/log/www2/access.log
Is there a way to use wildcards to get btprobe to reset and reindex the content of those files?
Keep in mind that the /var/log/ directory has other subfolders that are being monitored that I don't want to reset, so purging the fishbucket folder is out of the question.
Even if wildcards worked (there's no indication that they do), it would be too risky to use them; just do this from shell in bash:
for file in /var/log/www1/secure.log /var/log/www1/access.log /var/log/www2/secure.log /var/log/www2/access.log
do
    # Reset only this file's fishbucket entry; other monitored inputs are untouched
    echo "resetting $file..."
    "$SPLUNK_HOME/bin/splunk" cmd btprobe -d "$SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db" --file "$file" --reset
done
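An added example, not part of the original thread: one way to keep the explicit-list safety of the loop above when there are many wwwN directories is to build the target list with a strict filter and review it in a dry run before any reset. The function names, the DRY_RUN switch and the "www followed by digits" directory rule are assumptions of this example; the file names and the btprobe invocation are the ones shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names, DRY_RUN and the
# "www<digits>" directory rule are assumptions; paths and the btprobe call are
# the ones shown in the answer.
LOG_ROOT="${LOG_ROOT:-/var/log}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print what would be reset

# Print, one per line, secure.log/access.log found directly under
# <root>/www<digits>/. Other subfolders of <root> are never listed.
select_targets() {
    local root dir base name path
    root="$1"
    for dir in "$root"/www*/; do
        base="${dir%/}"; base="${base##*/}"
        case "$base" in
            www|www*[!0-9]*) continue ;;   # e.g. www-old, www1.bak, unmatched glob
        esac
        if [ -L "${dir%/}" ]; then continue; fi   # skip symlinked directories
        for name in secure.log access.log; do
            path="${dir}${name}"
            # Only regular files; a symlink could point outside the www dirs.
            if [ -f "$path" ] && [ ! -L "$path" ]; then
                printf '%s\n' "$path"
            fi
        done
    done
    return 0
}

# Reset the fishbucket entry for each selected file, or list it when DRY_RUN=1.
reset_targets() {
    select_targets "$1" | while IFS= read -r file; do
        if [ "$DRY_RUN" = "1" ]; then
            printf 'would reset: %s\n' "$file"
        else
            echo "resetting $file..."
            "${SPLUNK_HOME:?SPLUNK_HOME is not set}/bin/splunk" cmd btprobe \
                -d "$SPLUNK_HOME/var/lib/splunk/fishbucket/splunk_private_db" \
                --file "$file" --reset </dev/null
        fi
    done
}

# Usage: reset_targets "$LOG_ROOT"   (review the output, then rerun with DRY_RUN=0)
```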