Hi all,
I want to create a monitoring stanza that combines the below log paths
[monitor:///opt/tomcat/logs/localhost_access_log*.log]
[monitor:///opt/rh/jws5/root/usr/share/tomcat/logs/localhost_access_log*.log]
[monitor:///opt/prozone/tas-community-7.6-1/multiserver/logs/localhost_access_log*.log]
[monitor:///opt/apache-tomcat*/logs/localhost_access_log*.log]
[monitor:///opt/atlassian/jira/logs/localhost_access_log*.log]
Will something like this work for all?
[monitor:///opt/../.../logs/localhost_access_log*.log]
[monitor:///opt/../.../.../logs/localhost_access_log*.log]
What would be the best solution that you guys would propose?
Thank you
O.
Hi @ojay
As per inputs conf,
Use
"..." for recursive directory matching and "*" for wildcard matching in a
single directory segment.
* "..." recurses through directories. This means that /foo/.../bar matches
foo/1/bar, foo/1/2/bar, etc.
For your case, a single monitor stanza should work for all directory combinations. I am hoping you will be using the same sourcetype, as all these logs are of the same type.
[monitor:///opt/.../logs/localhost_access_log*.log]
You can go through inputs conf spec here https://docs.splunk.com/Documentation/Splunk/latest/admin/inputsconf#MONITOR:
-------------------------------------------------------------
An upvote would be appreciated if it helps!
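An added example (not from the thread and not Splunk's code): a Python sketch that applies the wildcard translation described in the inputs.conf documentation (`...` becomes `.*`, `*` becomes `[^/]*`) to check which files the single stanza would cover. The file names, the concrete `apache-tomcat-9.0.1` directory and the backup path are constructed, and matching against the full path is an assumption of this sketch.

```python
import re

def monitor_path_to_regex(path):
    """Translate a monitor path: '...' -> '.*', '*' -> '[^/]*', rest literal."""
    out, i = [], 0
    while i < len(path):
        if path.startswith("...", i):
            out.append(".*")       # recurses through any number of directories
            i += 3
        elif path[i] == "*":
            out.append("[^/]*")    # stays inside one path segment
            i += 1
        else:
            out.append(re.escape(path[i]))
            i += 1
    return re.compile("".join(out))

def matches(stanza_path, file_path):
    # Assumption: the whole file path must match the translated pattern.
    return monitor_path_to_regex(stanza_path).fullmatch(file_path) is not None

STANZA = "/opt/.../logs/localhost_access_log*.log"

# Constructed sample files, one per directory listed in the question.
WANTED = [
    "/opt/tomcat/logs/localhost_access_log.2024-01-01.log",
    "/opt/rh/jws5/root/usr/share/tomcat/logs/localhost_access_log.2024-01-01.log",
    "/opt/prozone/tas-community-7.6-1/multiserver/logs/localhost_access_log.2024-01-01.log",
    "/opt/apache-tomcat-9.0.1/logs/localhost_access_log.2024-01-01.log",
    "/opt/atlassian/jira/logs/localhost_access_log.2024-01-01.log",
]

# Constructed files that are not wanted: a different log, and an archived copy.
OTHER_LOG = "/opt/tomcat/logs/catalina.2024-01-01.log"
ARCHIVED_COPY = "/opt/backup/2023/tomcat/logs/localhost_access_log.2023-12-31.log"

def coverage(stanza, paths):
    """Return {path: bool} showing which paths the stanza would pick up."""
    return {p: matches(stanza, p) for p in paths}

if __name__ == "__main__":
    for path, hit in coverage(STANZA, WANTED + [OTHER_LOG, ARCHIVED_COPY]).items():
        print("MATCH " if hit else "skip  ", path)
```

The archived copy also matches, so a recursive stanza rooted at `/opt` can index duplicate or stale access logs unless such directories are excluded.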