Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: How can I monitor the same file on different d...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can I monitor the same file on different drives in windows?
deloach
Engager
07-30-2013
12:40 PM
I'm trying to monitor the same file on different drives on Windows systems. I tried putting a wildcard into the inputs.conf but that doesn't seem to work for a drive letter.
For instance I have these two different paths:
C:\Program Files\folder\file.txt
D:\Program Files\folder\file.txt
I tried editing my inputs.conf as below
[monitor://*:\Program Files\folder\file.txt]
[monitor://Program Files\folder\file.txt]
No luck with either one and I haven't been able to find any other questions addressing this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
khushi4u21
Engager
05-15-2017
03:40 AM
was the solution found for this requirement to monitor same files under different directories ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anewell
Path Finder
05-15-2017
10:27 AM
If you need a solution for a fleet of hosts, where one file might appear in a number of different known locations across different endpoints, due to inconsistent builds or what have you.. Splunk honors Windows environment variables, but does so with "linuxy" syntax. So I have the build orchestration set a system-wide envvar %APPLOGS% to either "C:\path" or "D:\path" on the host, and then do a [monitor://$APPLOGS\file.log] stanza in my inputs.conf. The key is the two different dialects of environment variable.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
khushi4u21
Engager
05-15-2017
11:37 PM
Actually we can not get this env variable created on thousands of desktops. Need a generic solution which can only be implemented using splunk config.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jstockamp
Communicator
07-30-2013
01:34 PM
You could try a regex in the path:
[monitor://[A-Z]:\Program Files\folderfile.txt]
http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Specifyinputpathswithwildcards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aholzer
Motivator
07-30-2013
01:24 PM
I believe you are looking for the ellipses option. See documentation:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Data/Specifyinputpathswithwildcards
Get Updates on the Splunk Community!
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Splunk AppDynamics Agents Webinar Series
Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...
SplunkTrust Application Period is Officially OPEN!
It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open!
If you ...
