Solved: What could be the stanza for monitoring linux dire...

ujju219 · ‎11-11-2022

what could be the stanza for monitoring linux directory

/home/cleo/Harmony/script/logs/Harmony_directory_monitor_1hr.conf.20220512.log

i tried [monitor:///home/cleo/Harmony/script/logs] with whitelist =*.log

but not able to ingest any data. this path has proper permission.

ujju219 · ‎11-11-2022

@gcusello Thanks for the help. It worked. There was also some issue with Intermediate forwarder as well, after restarting UF on Intermediate forwarder data get ingested.

View solution in original post

gcusello · ‎11-11-2022

Hi @ujju219,

please try this:

[monitor:///home/cleo/Harmony/script/logs/]

and, if not working, try:

[monitor:///home/cleo/Harmony/script/logs/*.log]

I suppose that you restarted Splunk on the Universal Forwarder after modifying.

Ciao.

Giuseppe

ujju219 · ‎11-11-2022

@gcusello Thanks for the help. It worked. There was also some issue with Intermediate forwarder as well, after restarting UF on Intermediate forwarder data get ingested.

gcusello · ‎11-11-2022

Hi @ujju219,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

What could be the stanza for monitoring linux directory?

inputs.conf

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All