Getting Data In

How can we monitor all log files in current directory and sub-directories?

Ultra Champion

We wonder whether [monitor:///<source>/logs/*.log] would monitor all log files in the <source>/logs directory and also in sub-directories under <source>/logs, such as <source>/logs/2016121404.

We wonder whether [monitor:///<source>/logs/.../*.log] would get the data from both areas...

0 Karma
1 Solution

Legend

If you want to monitor all logs in the /source/logs directory, you can simply do this

[monitor:///source/logs/]
whitelist=\.log$

I think that is the cleanest and easiest to understand. But this should do the same thing

[monitor:///source/logs/.../*.log]

In either case, Splunk will walk the entire directory tree, starting from /source/logs, and index any file it finds where the file path ends in ".log"

View solution in original post

Legend

If you want to monitor all logs in the /source/logs directory, you can simply do this

[monitor:///source/logs/]
whitelist=\.log$

I think that is the cleanest and easiest to understand. But this should do the same thing

[monitor:///source/logs/.../*.log]

In either case, Splunk will walk the entire directory tree, starting from /source/logs, and index any file it finds where the file path ends in ".log"

View solution in original post

Ultra Champion

Gorgeous!!