Hi,
We want to read the database logs from a Linux server, and the logs are stored in a specific path, “</path>/log/” as an example. The logs are archived at the end of every day in the same directory as the real-time log file. The real-time info is written to the “vertica.log” file, so we don’t want to read logs from the file “vertica.log”.
How can we read these archived files in Splunk?
Create a monitoring stanza like below:
[monitor:///<path>/log/vertica.log-*]
disabled = 0
crcSalt = <SOURCE>
index = <IndexName>
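If you still see that vertica.log is being read, try adding the line below to the above stanza:
blacklist = vertica\.log$
That would be like below:
[monitor:///<path>/log/vertica.log-*]
disabled = 0
crcSalt = <SOURCE>
index = <IndexName>
# blacklist is a regex matched against the full file path; the trailing $ keeps
# it from also matching the archived vertica.log-* files
blacklist = vertica\.log$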
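An added example, not part of the original thread: a small Python model of how a monitor path with wildcards and a `blacklist` regex select files, useful for checking a stanza against a directory listing before deploying it. It assumes `*` stays within one path segment, `...` recurses, and `blacklist` is an unanchored regex tested against the full path; `/opt/vertica` is a constructed stand-in for `<path>`.

```python
import re

def wildcard_to_regex(monitor_path):
    """Translate a monitor path using '*' and '...' wildcards into a regex."""
    out, i = [], 0
    while i < len(monitor_path):
        if monitor_path.startswith("...", i):
            out.append(".*")       # '...' recurses through any number of directories
            i += 3
        elif monitor_path[i] == "*":
            out.append("[^/]*")    # '*' matches within a single path segment
            i += 1
        else:
            out.append(re.escape(monitor_path[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def monitored(paths, monitor_path, blacklist=None):
    """Return the paths the stanza would pick up under this model."""
    include = wildcard_to_regex(monitor_path)
    exclude = re.compile(blacklist) if blacklist else None
    selected = []
    for p in paths:
        if not include.match(p):
            continue               # not covered by the monitor path
        if exclude and exclude.search(p):
            continue               # blacklist regex matched somewhere in the path
        selected.append(p)
    return selected

# Constructed sample listing of the log directory.
SAMPLE = [
    "/opt/vertica/log/vertica.log",
    "/opt/vertica/log/vertica.log-20240101",
    "/opt/vertica/log/vertica.log-20240102.gz",
    "/opt/vertica/log/dbLog",
]
STANZA = "/opt/vertica/log/vertica.log-*"

if __name__ == "__main__":
    for bl in (None, r"vertica.log", r"vertica\.log$"):
        print(repr(bl), "->", monitored(SAMPLE, STANZA, bl))
```

Under this model the unanchored pattern `vertica.log` also matches the rotated file names, so it would exclude them; the anchored `vertica\.log$` excludes only the live file.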
Thanks a lot for your kind reply.
We tried this solution and we have started receiving logs now.
@islam If the solution helps you, then an upvote would be appreciated.
