Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I specify which sources should be indexed from data inputs and not the entire directory?

rwiltzius
Explorer
‎12-01-2015 12:34 PM

Hello,

Please bear with me because I'm new to Splunk and I've only just started using it today. Also note that I am currently running their trial and have not purchased anything yet.

I am looking to index the Application logs from our PeopleSoft server, which are stored as APPSRV_*.LOG on the PeopleSoft server. A new log file is created for each day and the format is APPSRV_MMDD.LOG. Within the directory that the APPSRV logs are stored are other files that are of no interest to me at the moment.

I currently have my data input setup as a UNC path to the directory, but I don't know how to only allow indexing on the APPSRV_MMDD.LOGs and not the others. Is there a way to index only certain file names by using a wildcard and not others, or must I index the entire directory? Please let me know if you have any questions.

Thank you,

Robert

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-01-2015 01:21 PM

See if this gets you what you are looking for http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Specifyinputpathswithwildcards

Basically, you will have something like [monitor:///APPSRV_*.log]

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎12-01-2015 01:21 PM

See if this gets you what you are looking for http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Specifyinputpathswithwildcards

Basically, you will have something like [monitor:///APPSRV_*.log]

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...