Solved: How to edit my wildcard syntax to monitor logs fro...

marellasunil · ‎06-27-2016

I am trying to extract a log file using below configuration in inputs.conf

C:/logs/28062016/*.log

28062016 is the current date.

I have been trying the below paths, non of these are working.

C:/logs/*/*.log
C:/logs/.../*.log

Can anyone help me?

ddrillic · ‎06-27-2016

C:/logs/.../*.log should work ... or maybe C:\logs\...\*.log

The following speaks about it - Specify input paths with wildcards

It says -

-- The ellipsis wildcard recurses through directories and any number of levels of subdirectories to find matches.
If you specify a folder separator ...

/foo/.../bar.log matches the files /foo/1/bar.log, /foo/2/bar.log...

View solution in original post

ddrillic · ‎06-27-2016

C:/logs/.../*.log should work ... or maybe C:\logs\...\*.log

The following speaks about it - Specify input paths with wildcards

It says -

-- The ellipsis wildcard recurses through directories and any number of levels of subdirectories to find matches.
If you specify a folder separator ...

/foo/.../bar.log matches the files /foo/1/bar.log, /foo/2/bar.log...

How to edit my wildcard syntax to monitor logs from a file path that contains the current date?

Thanks for the Memories! Splunk University, .conf24, and Community Connections

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...