How to ingest files with multiple dots in them

nls7010 · ‎02-19-2021

I am trying to upload documents from a user who's log files has multiple dots in the naming convention:

The logs have a *.0.1.log in its file extension, would it be possible to use *.*.*.log instead?

The logs have a *-20210218.000023-5644-5716.0.log in its file extension, would it be possible to use *.*.*.*.log instead?

The logs have a *-20201218.105324-11260-11240.0.log in its file extension, would it be possible to use *.*.*.log instead?

The logs have a *-20210209.145105-16220-11864.0.log in its file extension, would it be possible to use *.*.*.log instead?

The logs have a *-20201218.105324-25876-14744.0.log in its file extension, would it be possible to use *.*.*.log instead?

Is there a way to get all of these from .log to .*.*.*.log into Splunk using one monitoring stanza?

scelikok · ‎02-21-2021

Since monitor stanza supports regex you can try something below;

[monitor:///path/to/log/.*\-\d{8}\.\d+-\d+-\d+|.*\.\d\.log]

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Join the Conversation