Getting Data In

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

a212830
Champion

Hi,

I need to monitor two catalina logfiles that are in the same directory, but have different formats (and sourcetypes).

The naming convention is ../catalina.YYYY-MM-DD.log and catalina.out.YYYY-MM-DD.log

How would I setup inputs to handle this?

Tags (1)
1 Solution

somesoni2
Revered Legend

Try this in the inputs.conf

Updated

[monitor://your_directory/catalina.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype1
whitelist = catalina\.\d+-\d+-\d+\.log

[monitor://your_directory/catalina.out.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype2
whitelist = catalina\.out\.\d+-\d+-\d+\.log

View solution in original post

somesoni2
Revered Legend

Try this in the inputs.conf

Updated

[monitor://your_directory/catalina.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype1
whitelist = catalina\.\d+-\d+-\d+\.log

[monitor://your_directory/catalina.out.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype2
whitelist = catalina\.out\.\d+-\d+-\d+\.log

somesoni2
Revered Legend

My bad, I didn't read the question properly. Try the updated answer.

a212830
Champion

I have different sourcetypes that need to be mapped - the out goes to one sourcetype, the other to a different one. This doesn't appear to address that.

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...