Getting Data In
Highlighted

How to use wildcards on inputs.conf to monitor specific directories?

Champion

Hi,

I need to monitor the following:

/apps/log//access/today

today is the file, but the webserver name directory could be almost anything. Some begin with www, some begin with https, some have dashes, some have .com....

What can I enter so that I monitor any dir that has -8443 (and then the subdirs listed).

Highlighted

Re: How to use wildcards on inputs.conf to monitor specific directories?

Influencer

did you try something like this
/apps/log/-8443/access/today

wildcards are not displayed in comment

/apps/log/star-8443star/access/today

0 Karma
Highlighted

Re: How to use wildcards on inputs.conf to monitor specific directories?

Champion

I'm weak on regex. My concern is that something with multiple dots or dashes won't get picked up.

0 Karma
Highlighted

Re: How to use wildcards on inputs.conf to monitor specific directories?

Influencer

I did a quick test and this works. Try it

/apps/log/*-8443*/access/today

The directories that i created are like this

/apps/log/abc-8443=123/access/today  
/apps/log/abc.123.-8443=123/access/today  
/apps/log/123_abc_def.efg-8443=456/access/today
/apps/log/abc-8000=123/access/today

alt text

View solution in original post

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.