Hey guys, I guess this is a simple question but all the answers I look at seem very complicated for what I want.
I want splunk to do a monitor on C:\Program Files on extensions *.exe, *.com, *.scr and *.dll
But when I try
[monitor://C:\Program Files]
sourcetype = fileExtensions
whitelist = *.exe, *.dll, *.scr, *.com
I get ALL the files in Program Files appearing in the Splunk search.
I guess I am doing whitelisting wrong, any help?
Hi M-A 🙂
whitelist and blacklist are not a list of values, but a regular expression.
Have a look at the bottom of this page: http://docs.splunk.com/Documentation/Splunk/5.0/data/Specifyinputpathswithwildcards
Hi M-A 🙂
whitelist and blacklist are not a list of values, but a regular expression.
Have a look at the bottom of this page: http://docs.splunk.com/Documentation/Splunk/5.0/data/Specifyinputpathswithwildcards
Salut, thanks, I couldn't find that document