Solved: When trying to monitor two logs file formal from t...

clementros · ‎03-15-2019

Hi,

I'm trying to monitor 2 logs file format (.out & .err) from a same directory (/var/splunkdata).

I use the CLI command to execute the add monitor command :

sudo /opt/splunkforwarder/bin/splunk add monitor /var/splunkdata/*.out -index nbtktfed -sourcetype NBTKTFED.out

This command generate the following result :

Parameters must be in the form '-parameter value'

I don't know what i'm doing wrong.

Any idea ?

nickhills · ‎03-15-2019

try:
./splunk add monitor -source "/var/splunkdata/*.out" -index nbtktfed -sourcetype "NBTKTFED.out"

If my comment helps, please give it a thumbs up!

View solution in original post

nickhills · ‎03-15-2019

try:
./splunk add monitor -source "/var/splunkdata/*.out" -index nbtktfed -sourcetype "NBTKTFED.out"

If my comment helps, please give it a thumbs up!

clementros · ‎03-15-2019

Thanks you !

nickhills · ‎03-15-2019

You're welcome -source is not mandatory but sometimes I have found it useful to specify it and "quote" the paths to make it clear to Splunk what you are trying to do.
Please upvote this answer to help others in the future!
All the best.

If my comment helps, please give it a thumbs up!

When trying to monitor two logs file formal from the same directory, why is it throwing an error: Parameters must be in the form '-parameter value'?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life