Getting Data In

Can we use OR condition in monitoring stanza

Naga
Engager

Good day Team,

I have a application which contains 5 servers. Each server is having different path. But the end is to read error.log and wrapper.log

/log/apple/production/A1/error.log

/log/ball/production/A2/error.log

..

Here I can use regex like this in monitor stanza -- /log/*/prodcution/*/error.log

But the problem is each server is having many folders for that *. I dont want all folders. Need only few. 

Say the first star. I want only apple or ball or cat. If it is any other name in any server I can ignore

Similarly take the second star. I want only A1 or A2  or A3. I can ignore B1 or C1 or so. 

 

So is it possible to write like that using any regex either in inputs itself or using props?

Labels (2)
0 Karma

somesoni2
Revered Legend
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, a MONITOR stanza name can contain a regular expression, but only if that stanza name also uses the "*" or "..." operator.  Those operators trigger the regex parser.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...