Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

monitor file with dynamic directiory name

wickett
New Member
‎11-02-2011 05:42 AM

I have the following folder listing in C:\Resources\Directory\ which the naming of the folder are dynamic. It changes dynamically when logs are created with this type of prefix (dynamic).(dynamic).(Fixed)

Example :
(dynamic) . (dynamic) . (Fixed)
0068f67b289b43dfb5302cb26cb9e536.KeyValidationWebRole.DiagnosticStore
0068f67b289b43dfb5302cb26cb9e536.KeyValidationWebRole.localInstallDirectory
0068f67b289b43dfb5302cb26cb9e536.KeyValidationWebRole.LogStorage

Questions :

  • Let say I want to index all files under 0068f67b289b43dfb5302cb26cb9e536.KeyValidationWebRole.DiagnosticStore. Can I structure my inputs.conf monitor stanza using wildcards example for all new created dynamic foldername ? :
[monitor://C:\Resources\Directory\*.*.DiagnosticStore]
disabled = false
followTail = 0
sourcetype = mysourcetype
  • Let say in my inputs.conf I index entire folder under C:\Resources\Directory but there is several files under *.KeyValidationWebRole.DiagnosticStore which needs props.conf to change the encoding. How do I write the config stanza that need the encoding exception ?
0 Karma
Reply

tgow
Splunk Employee
Splunk Employee
‎11-02-2011 08:04 AM

Looking at the online docs I see the following:

Note concerning wildcards and monitor:

  • You can use wildcards to specify your input path for monitored input. Use "..." for recursive directory matching and "*" for wildcard matching in a single directory segment.
  • "..." recurses through directories. This means that /foo/.../bar will match foo/bar, foo/1/bar, foo/1/2/bar, etc.
  • You can use multiple "..." specifications in a single input path. For example: /foo/.../bar/...
  • The asterisk () matches anything in a single path segment; unlike "...", it does not recurse. For example, /foo//bar matches the files /foo/bar, /foo/1/bar, /foo/2/bar, etc. However, it does not match /foo/1/2/bar . A second example: /foo/m*r/bar matches /foo/bar, /foo/mr/bar, /foo/mir/bar, /foo/moor/bar, etc.
  • You can combine "" and "..." as required: foo/.../bar/ matches any file in the bar directory within the specified path.

Are there files under the DiagnosticStore directory?

[monitor://C:\Resources\Directory...DiagnosticStore...]

Does this work.

Here is the link to more info in the Docs:

http://docs.splunk.com/Documentation/Splunk/4.2.4/admin/Inputsconf

0 Karma
Reply

tgow
Splunk Employee
Splunk Employee
‎11-02-2011 06:16 AM

On the first question, I would use the "..." syntax in your monitor stanza. For instance:

[monitor://C:\Resources\Directory...DiagnosticStore]

On the second question you can use the "..." syntax as well in the prop.conf to pull out only certain files and give them specific encoding. For instance:

[source::...KeyValidationWebRole.DiagnosticStore...]
sourcetype=awesome

Might help to see what the file names under this directory.

0 Karma
Reply

wickett
New Member
‎11-02-2011 07:10 AM

Tried your solution and it does not work

Not working

[monitor://C:\Resources\Directory\ ..DiagnosticStore]

[monitor://C:\Resources\Directory\...DiagnosticStore]

[monitor://C:\Resources\Directory\*DiagnosticStore]

Any suggestions ??

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...