Getting Data In
Highlighted

Monitoring an entire folder with yesterday flagged files

Builder

Hello Splunk Experts,

I have a folder that i need to monitored entirely:
the folder contains a list that is represented by the following:

namefile1yyyymmdd.csv
namefile2
yyyymmdd.csv
namefile3_yyyymmdd.csv

each day this folder will contains CSV's from yesterday,
How splunk could monitor automatically such folder?

Thanks,

0 Karma
Highlighted

Re: Monitoring an entire folder with yesterday flagged files

Legend

Not sure I understand the problem - what's stopping you from simply monitoring the directory?

0 Karma
Highlighted

Re: Monitoring an entire folder with yesterday flagged files

Ultra Champion

With an ordinary [monitor:///path/to/files]. Splunk will read all the files in the directory by default.

0 Karma
Highlighted

Re: Monitoring an entire folder with yesterday flagged files

Builder

I need from splunk to monitor only files of yesterday in that folder to reduce CPU consumption. I found that i can use ignoreOlderThan =

0 Karma
Highlighted

Re: Monitoring an entire folder with yesterday flagged files

Builder

vi inputs.conf
[monitor:///home/splunk/devicescollect/AgentsReads]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = AgentsReads
crcSalt=
[monitor:///home/splunk/devicescollect/DevicesReads]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = DevicesReads
crcSalt=
[monitor:///home/splunk/devicescollect/DevicesInfo]
disabled = false
followTail = 0
host = dcpcontroller.wavemark.net
sourcetype = DevicesInfo
crcSalt=

The above line will tell splunk to monitor the entire directory , there are mainly 3 directories created ( folders)
-AgentsReads
-DevicesReads
-DevicesInfo

0 Karma