Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the proper syntax for my forwarder inputs.conf stanza to monitor specific files based on a string in the filename?

andrefriedmann
New Member
‎09-16-2015 07:35 AM

Hi

I am trying to monitor specific files from one directory based on a string in the filename.

Example files:

C:\testapp\logs\02-05-2014 Logins.log
C:\testapp\logs\04-06-2014 Audits.log

There will be daily login and audit files, however, I only want to monitor the files with logins. Everything I have tried so far either forward nothing or all files! Any help much appreciated.

Last thing I tried was: 

[monitor://C:\testapp\logs\[0-9-]+\sSvcLogins.log]

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎09-16-2015 12:54 PM

Have you tried just the basic :

[monitor://C:\testapp\logs\*Logins.log]

In your case, this should work.

For reference:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/Specifyinputpathswithwildcards

View solution in original post

Reply
Solved! Jump to solution
Solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎09-16-2015 12:54 PM

Have you tried just the basic :

[monitor://C:\testapp\logs\*Logins.log]

In your case, this should work.

For reference:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Data/Specifyinputpathswithwildcards

Reply
Solved! Jump to solution

andrefriedmann
New Member
‎09-17-2015 07:42 AM

Hi

Yes, and I was sure I had previously tried something very similar!! but that worked

Thanks for your help

0 Karma
Reply
Solved! Jump to solution

tlelle_splunk
Splunk Employee
Splunk Employee
‎09-17-2015 07:38 AM

Were you able to try this out?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...