OS : Windows 10
Splunk Ver : 7.2.3
I want to define the first segment of the archive file below as the 'host' field when I upload it.
filename : hogehoge.zip
contents : /<host name>/ccc/ddd.txt
But in Splunk on Windows, even if I choose Segment in path and put Segment number as 1 at Input Settings, it was not working.
* I could do it in Splunk on Linux!
Is this a specification, or an issue?
@yutaka1005, I think you have got wrong behavior of segmentation. Instead of the zip file can you try the folder tree and upload only one file ddd.txt to test whether segmentation is picking up correct host name or not?
Hi @yutaka1005
Are you still having trouble with this issue? If so, please answer the commenter above so that they can help you further. Or, if you solved your query, would you mind describing the steps you took as an answer below so that others can learn from your solution?
Thanks for posting!
@p_gurav
Thank you for your comment!
I tried putting host_segment value as 3, but it was still not working...
@niketnilay
Thank you for your comment!
If I monitor normal tree folders, I can get host field by segmentation!
@mstjohn_splunk
Thank you for your comment!
Even now, I do not know how to solve this ...
Hi,
According to the source field getting into Splunk, can you try putting host_segment value as 3?