Re: What is the correct method to consume symlinks...

justinbarta · ‎10-04-2017

Hi,

I'm attempting to consume MSSQL ERROR logs from 800+ systems with different log locations.

The current approach is to configure a common directory on the C drive c:\mssql logs\ with up to 10 symlink links within.
Each link corresponds to LOG folders of different MSSQL Instances.

C:\MSSQL LOGS\LOG1
C:\MSSQL LOGS\LOG2
C:\MSSQL LOGS\LOG3 ... etc

For example symlink LOG1 points to C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Log

My current inputs.conf is not working however one that points to the actual does.

I need 2 questions answered.
1. What is the correct method to consume symlinks
2. Is there a better approach to deploy & consume MSSQL ERROR logs from a large amount of systems.
Thanks

[monitor://C:\MSSQL LOGS*] - Does not work
[monitor://C:\MSSQL LOGS\LOG4*] - Does not work

inputs.conf

[monitor://C:\MSSQL LOGS*]
followSymlink = true
recursive = true
index = stage_idx
sourcetype = mssql:errorlog
disabled = 0

gcusello · ‎10-26-2017

Hi
did you tried to use SQL Server TA ( https://splunkbase.splunk.com/app/2648/ )?

Bye.
Giuseppe

justinbarta · ‎10-25-2017

bump......

What is the correct method to consume symlinks?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation