Getting Data In

Monitor different sourcetype in sub-directories

lain179
Communicator

I have to monitor two source types in this following directory structure

\\Server\Path\{can be any name}.log == > sourcetype = FirstLog

\\Server\Path\SubPath\{can be any name}.csv == > sourcetype = SecondLog

How do I set up the inputs.conf? Right now, my first monitor for \\Server\Path is working but the next monitor for \\Server\Path\SubPath is not working.

Tags (1)
0 Karma

JSapienza
Contributor

Set the monitor specific to the file in your inputs.conf :

[monitor://\\Server\share\*.log]
sourcetype = FirstLog

[monitor://\\Server\Share\Directory\*.csv]
sourcetype = SecondLog
0 Karma

JSapienza
Contributor

It was a suggestion is you are have trouble accessing the files by UNC path. I modified the example to reflect using a wildcard for the file name.

0 Karma

lain179
Communicator

Sorry, I don't understand what it has anything to do with my problem with assigning log files from subdirectories to different sourcetype.

*** Also I can't hard code the name of the log files because as I described log file name can vary. It can be any name.

0 Karma

JSapienza
Contributor

The inputs.conf example should still work. If you are using UNC paths then you might want to take a look at this:
http://splunk-base.splunk.com/answers/35281/splunk-index-logs-from-network-drive

0 Karma

lain179
Communicator

Sorry, the slashes didn't show up correctly in my message. That's not what I need. I updated the message above.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...