Solved: How to use wildcards on inputs.conf to monitor spe...

a212830 · ‎08-06-2014

Hi,

I need to monitor the following:

/apps/log//access/today

today is the file, but the webserver name directory could be almost anything. Some begin with www, some begin with https, some have dashes, some have .com....

What can I enter so that I monitor any dir that has -8443 (and then the subdirs listed).

strive · ‎08-07-2014

I did a quick test and this works. Try it

/apps/log/*-8443*/access/today

The directories that i created are like this

/apps/log/abc-8443=123/access/today  
/apps/log/abc.123.-8443=123/access/today  
/apps/log/123_abc_def.efg-8443=456/access/today
/apps/log/abc-8000=123/access/today

View solution in original post

strive · ‎08-07-2014

I did a quick test and this works. Try it

/apps/log/*-8443*/access/today

The directories that i created are like this

/apps/log/abc-8443=123/access/today  
/apps/log/abc.123.-8443=123/access/today  
/apps/log/123_abc_def.efg-8443=456/access/today
/apps/log/abc-8000=123/access/today

a212830 · ‎08-06-2014

I'm weak on regex. My concern is that something with multiple dots or dashes won't get picked up.

strive · ‎08-06-2014

did you try something like this
/apps/log/-8443/access/today

wildcards are not displayed in comment

/apps/log/star-8443star/access/today

How to use wildcards on inputs.conf to monitor specific directories?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!