Solved: Inputs.conf configuration to monitor 2 catalina lo...

a212830 · ‎07-28-2014

Hi,

I need to monitor two catalina logfiles that are in the same directory, but have different formats (and sourcetypes).

The naming convention is ../catalina.YYYY-MM-DD.log and catalina.out.YYYY-MM-DD.log

How would I setup inputs to handle this?

somesoni2 · ‎07-28-2014

Try this in the inputs.conf

Updated

[monitor://your_directory/catalina.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype1
whitelist = catalina\.\d+-\d+-\d+\.log

[monitor://your_directory/catalina.out.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype2
whitelist = catalina\.out\.\d+-\d+-\d+\.log

View solution in original post

somesoni2 · ‎07-28-2014

Try this in the inputs.conf

Updated

[monitor://your_directory/catalina.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype1
whitelist = catalina\.\d+-\d+-\d+\.log

[monitor://your_directory/catalina.out.*.log] 
disabled = false 
followTail = 0 
sourcetype = your_sourcetype2
whitelist = catalina\.out\.\d+-\d+-\d+\.log

somesoni2 · ‎07-28-2014

My bad, I didn't read the question properly. Try the updated answer.

a212830 · ‎07-28-2014

I have different sourcetypes that need to be mapped - the out goes to one sourcetype, the other to a different one. This doesn't appear to address that.

Inputs.conf configuration to monitor 2 catalina log files in same directory with different formats and sourcetypes?

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...