Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I monitor the same file on different drives in windows?

deloach
Engager
‎07-30-2013 12:40 PM

I'm trying to monitor the same file on different drives on Windows systems. I tried putting a wildcard into the inputs.conf but that doesn't seem to work for a drive letter.

For instance I have these two different paths:
C:\Program Files\folder\file.txt
D:\Program Files\folder\file.txt

I tried editing my inputs.conf as below
[monitor://*:\Program Files\folder\file.txt]
[monitor://Program Files\folder\file.txt]

No luck with either one and I haven't been able to find any other questions addressing this.

Tags (1)
0 Karma
Reply

khushi4u21
Engager
‎05-15-2017 03:40 AM

was the solution found for this requirement to monitor same files under different directories ?

Reply

anewell
Path Finder
‎05-15-2017 10:27 AM

If you need a solution for a fleet of hosts, where one file might appear in a number of different known locations across different endpoints, due to inconsistent builds or what have you.. Splunk honors Windows environment variables, but does so with "linuxy" syntax. So I have the build orchestration set a system-wide envvar %APPLOGS% to either "C:\path" or "D:\path" on the host, and then do a [monitor://$APPLOGS\file.log] stanza in my inputs.conf. The key is the two different dialects of environment variable.

0 Karma
Reply

khushi4u21
Engager
‎05-15-2017 11:37 PM

Actually we can not get this env variable created on thousands of desktops. Need a generic solution which can only be implemented using splunk config.

0 Karma
Reply

jstockamp
Communicator
‎07-30-2013 01:34 PM

You could try a regex in the path:

[monitor://[A-Z]:\Program Files\folderfile.txt]

http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Specifyinputpathswithwildcards

Reply

aholzer
Motivator
‎07-30-2013 01:24 PM

I believe you are looking for the ellipses option. See documentation:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Specifyinputpathswithwildcards

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...