I have a group of 6 hosts logging into Splunk but I am having trouble getting the specific log files in. An example of the path and file is:
/opt/TalendRemoteEngine/TalendJobServersFiles/jobexecutions/logs/20220817205900_iC1V4/resuming_20220817205900_iC1V4.log
Both the last directory name and the log filename are always going to be different each time a log is generated, so I'm trying to use wildcards such as /opt/TalendRemoteEngine/TalendJobServersFiles/jobexecutions/logs/*/*.log, but this is not working. My $SPLUNK_HOME/etc/deployment-apps/Splunk_TA_nix/local/inputs.conf file looks like this:
[monitor:///opt/TalendRemoteEngine/TalendJobServersFiles/jobexecutions/logs/.../*.log]
disabled = 0
Any suggestions as to why this does not work and what I should use or try?
Many thanks
@balcv - I do not see any reason why it should not collect the logs but I can give you a few pointers for troubleshooting.
I hope this helps!!! Upvote would be appreciated!!!
And of course verify that your forwarder is able to read those files and directories!
There are so many hours lost on debugging ingestion problems which at the end turn out to be just forwarder user not having rights to read the file 😉
Just
sudo -u <your splunk UF user> bash
ls -Fla /path/to/the/dir/where/files/are
tail <one file on that dir>
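
Added example (not part of the replies above, and not Splunk's own tooling): a script that automates the manual permission check from the last reply for a wildcard monitor path, walking every directory level instead of one. The function name `check_monitor_path`, the output labels and the demo tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Run as the forwarder's OS user:  sudo -u <your splunk UF user> sh check.sh <logs dir>
# A wildcard monitor stanza needs, for that user:
#   x on every ancestor directory, r+x on the logs dir and each job
#   subdirectory (to expand the wildcards), and r on every *.log file.
# Prints one line per problem; returns 0 only when none were found.
check_monitor_path() {
    base=${1%/}
    problems=0
    dir=$base
    while :; do                       # walk from the logs dir up to / (or .)
        if [ ! -d "$dir" ]; then
            echo "MISSING   $dir"; problems=$((problems + 1))
        elif [ ! -x "$dir" ]; then
            echo "NO-SEARCH $dir"; problems=$((problems + 1))
        fi
        parent=$(dirname "$dir")
        [ "$parent" = "$dir" ] && break
        dir=$parent
    done
    if [ -d "$base" ] && [ ! -r "$base" ]; then
        echo "NO-LIST   $base"; problems=$((problems + 1))
    fi
    for sub in "$base"/*; do          # one subdirectory per job execution
        [ -d "$sub" ] || continue
        if [ ! -r "$sub" ] || [ ! -x "$sub" ]; then
            echo "NO-LIST   $sub"; problems=$((problems + 1)); continue
        fi
        for f in "$sub"/*.log; do
            [ -f "$f" ] || continue   # glob matched nothing
            [ -r "$f" ] || { echo "NO-READ   $f"; problems=$((problems + 1)); }
        done
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo tree (made-up names) used when no directory is given.
demo=$(mktemp -d)
mkdir -p "$demo/logs/job_A"
echo "sample line" > "$demo/logs/job_A/resuming_job_A.log"
if check_monitor_path "${1:-$demo/logs}"; then
    echo "OK: readable by $(id -un)"
fi
rm -rf "$demo"
```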