Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Watch Multiple Log Files with Similar Names with Universal Forwarder

yourknightmares
Explorer
‎12-06-2021 10:03 PM

Hi, I'm setting up Splunk Universal Forwarder to watch logs generated from an application I have in AWS Elastic Beanstalk. This is done by running shell script installing the Universal Forwarder and setting up monitors.

 

Simple enough. The problem is my application logs into a rolling file, meaning after a certain amount of data has been entered into the file (10MB in this example) it then creates a new file in the same location named "example 1.log" then "example 2.log", etc.

 

Currently I've tried using the below command to set up all the monitors with no success:

/opt/splunkforwarder/bin/splunk add monitor "/var/logs/example*"

 

How can I capture all the files it will create?

Labels (4)
0 Karma
Reply

manjunathmeti
Champion
‎12-06-2021 10:49 PM

What is the issue? Are you getting duplicate data or no data at all?

0 Karma
Reply

yourknightmares
Explorer
‎12-07-2021 07:56 AM

No data at all

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...