Getting Data In

How to continuously monitor a file from a shared folder or path?

Hai All,

Please help me out to understand. how to continuously monitor a file from a shared folder or path?

Thanks in advance..

SplunkTrust
SplunkTrust

in inputs.conf, add [monitor:///full/path/to/file]
you can also use wildcards to constantly monitor many files:
[monitor:///full/path/to/*.log]
here all the files that ends with .log
read all documentation here:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Monitorfilesanddirectorieswithinputs.conf

hope it hepls

0 Karma

SplunkTrust
SplunkTrust

Its same as splunk file monitors if you are including the absolute path
Ref : https://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Monitorfilesanddirectorieswithinputs.conf
Are you facing any issues?

@renjith.nair

I haven't tried it yet.. Just wanna get some idea about how to do it . So i posted a question.

0 Karma

SplunkTrust
SplunkTrust

Suggest you to try that first and let the community know if you have any issues.

0 Karma

@renjith.nair,

No issues.. I'm about to try that one. :-)..

Thanks

0 Karma

Contributor

Per documentation

[monitor://]
* This directs a file monitor input to watch all files in .
* can be an entire directory or a single file.
* You must specify the input type and then the path, so put three slashes in
your path if you are starting at the root on *nix systems (to include the
slash that indicates an absolute path).

0 Karma