Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Two unique sourcetypes in directory with hundreds of logs

johnansett
Communicator
‎11-02-2022 12:07 PM

Hello!  I am pulling in logs from a server, there are about 500 logs in the directory.  We want to bring in all 498 of them with a generic sourcetype and two need a specific log type.  Is it as easy as this:

 

[monitor://C:\Program Files\Logs\*]

blacklist = log1:log2

disable=false

index=logs

sourcetype=logs

 

[monitor://C:\Program Files\Logs\*]

whitelist = log1:log2

disable=false

index=logs

sourcetype=specific:logs

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Hutch
Path Finder
‎11-02-2022 01:51 PM

I agree with @richgalloway .

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-02-2022 12:29 PM

Yes, it's as easy as that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...