Re: Monitoring an entire folder with yesterday fla...

royimad · ‎06-25-2013

Hello Splunk Experts,

I have a folder that i need to monitored entirely:
the folder contains a list that is represented by the following:

namefile1_yyyymmdd.csv
namefile2_yyyymmdd.csv
namefile3_yyyymmdd.csv

each day this folder will contains CSV's from yesterday,
How splunk could monitor automatically such folder?

Thanks,

royimad · ‎07-10-2013

vi inputs.conf
[monitor:///home/splunk/devicescollect/AgentsReads]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = AgentsReads
crcSalt=
[monitor:///home/splunk/devicescollect/DevicesReads]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = DevicesReads
crcSalt=
[monitor:///home/splunk/devicescollect/DevicesInfo]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = DevicesInfo
crcSalt=

The above line will tell splunk to monitor the entire directory , there are mainly 3 directories created ( folders)
-AgentsReads
-DevicesReads
-DevicesInfo

royimad · ‎06-25-2013

I need from splunk to monitor only files of yesterday in that folder to reduce CPU consumption. I found that i can use ignoreOlderThan =

kristian_kolb · ‎06-25-2013

With an ordinary [monitor:///path/to/files]. Splunk will read all the files in the directory by default.

Ayn · ‎06-25-2013

Not sure I understand the problem - what's stopping you from simply monitoring the directory?

Monitoring an entire folder with yesterday flagged files

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!