Getting Data In

How can we monitor all log files in current directory and sub-directories?

Ultra Champion

We wonder whether [monitor:///<source>/logs/*.log] would monitor all log files in the <source>/logs directory and also in sub-directories under <source>/logs, such as <source>/logs/2016121404.

We wonder whether [monitor:///<source>/logs/.../*.log] would get the data from both areas...

0 Karma
1 Solution

Legend

If you want to monitor all logs in the /source/logs directory, you can simply do this

[monitor:///source/logs/]
whitelist=\.log$

I think that is the cleanest and easiest to understand. But this should do the same thing

[monitor:///source/logs/.../*.log]

In either case, Splunk will walk the entire directory tree, starting from /source/logs, and index any file it finds where the file path ends in ".log"

View solution in original post

Legend

If you want to monitor all logs in the /source/logs directory, you can simply do this

[monitor:///source/logs/]
whitelist=\.log$

I think that is the cleanest and easiest to understand. But this should do the same thing

[monitor:///source/logs/.../*.log]

In either case, Splunk will walk the entire directory tree, starting from /source/logs, and index any file it finds where the file path ends in ".log"

View solution in original post

Ultra Champion

Gorgeous!!

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!