Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Monitoring files from multiple inputs

anna_kendrik
Engager
‎06-04-2013 11:00 AM

How can I set my monitor in inputs.conf so that both of these directories are monitored-
1./var/lib/usr
2. /var/lib/newuser/usr

If I do [monitor:///var/lib/.../usr/] - will that work for both? Or will that assume that there is at least one subdirectory between "lib" and "usr"

Thanks in advance!

Tags (2)
0 Karma
Reply

Gilberto_Castil
Splunk Employee
Splunk Employee
‎06-04-2013 02:00 PM

In general terms these two directories separate entities. While they are in the same tree, these have different inodes and you can monitor each individually. So, the answer to your question is to create two (2) separate entries in inputs.conf.

[monitor:///var/lib/usr]
sourcetype = answers-1370379558 

[monitor:///var/lib/newuser/usr]
sourcetype = answers-1370379591

Is there more to your question?

Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...