Solved: How do I monitor files in a folder as well as the ...

andyk · ‎11-30-2010

Hi,

I want to monitor the files in E:\data\pnlog as well as all the files in the subfolders. Is there any way to simplify this or a way to get this done in one stanza?

[monitor://E:\Data\pnlog\...\*]
whitelist = \.log$
disabled = false
followTail = 0
_TCP_ROUTING = pnlogGroup

[monitor://E:\Data\pnlog\*]
whitelist = \.log$
disabled = false
followTail = 0
_TCP_ROUTING = pnlogGroup

// Andreas

ziegfried · ‎11-30-2010

If you define a monitor on a folder, it is recursive by default. So if you specify

[monitor://E:\Data\pnlog]
whitelist = \.log$
disabled = false
followTail = 0
_TCP_ROUTING = pnlogGroup

It will montor all files recursivly that match the whitelist expression.

View solution in original post

ziegfried · ‎11-30-2010

If you define a monitor on a folder, it is recursive by default. So if you specify

[monitor://E:\Data\pnlog]
whitelist = \.log$
disabled = false
followTail = 0
_TCP_ROUTING = pnlogGroup

It will montor all files recursivly that match the whitelist expression.

ziegfried · ‎11-30-2010

Yes. Quote "If the specified directory contains subdirectories, Splunk recursively examines them for new files." in http://www.splunk.com/base/Documentation/latest/Admin/Monitorfilesanddirectories

andyk · ‎11-30-2010

Thank you! Is this to be found in the documentation?

How do I monitor files in a folder as well as the files in all subfolders?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases