Solved: What could be the stanza for monitoring linux dire...

ujju219 · ‎11-11-2022

what could be the stanza for monitoring linux directory

/home/cleo/Harmony/script/logs/Harmony_directory_monitor_1hr.conf.20220512.log

i tried [monitor:///home/cleo/Harmony/script/logs] with whitelist =*.log

but not able to ingest any data. this path has proper permission.

ujju219 · ‎11-11-2022

@gcusello Thanks for the help. It worked. There was also some issue with Intermediate forwarder as well, after restarting UF on Intermediate forwarder data get ingested.

View solution in original post

gcusello · ‎11-11-2022

Hi @ujju219,

please try this:

[monitor:///home/cleo/Harmony/script/logs/]

and, if not working, try:

[monitor:///home/cleo/Harmony/script/logs/*.log]

I suppose that you restarted Splunk on the Universal Forwarder after modifying.

Ciao.

Giuseppe

ujju219 · ‎11-11-2022

@gcusello Thanks for the help. It worked. There was also some issue with Intermediate forwarder as well, after restarting UF on Intermediate forwarder data get ingested.

gcusello · ‎11-11-2022

Hi @ujju219,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

What could be the stanza for monitoring linux directory?

inputs.conf

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services