Getting Data In

What is the proper use of (*) wildcard in a file monitor path?

Log_wrangler
Builder

So I am confused about how to write a wildcard path for the following.

I have a UF set up to monitor a file location.

For example [.. /opt/App1/App1-1234/logs ] contains some ( .log and .log.gz ) files I want to send to the indexers.

I tested with absolute path /opt/App1/App1-1234/App1-app.log and the logs rolled into Splunk just fine
Next I tried /opt/App1/App1*/logs < but that does not work.

What is the correct way to write this ? /opt/App1/App1*/logs/* ???

Please advise.

Thank you

Tags (2)
0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

It looks like you have an extra directory specified based on the original text.

/opt/App1/App1-1234/App1-app.log
/opt/App1/App1*/logs
/opt/App1/App1*/logs/*

This will work for files without the extra "logs" directory.

[monitor:///opt/App1/App1*/*]

But, if you need to recurse directories, you will have to use this:

[monitor:///opt/App1/.../logs/*]

Reference -> https://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards

View solution in original post

0 Karma

jconger
Splunk Employee
Splunk Employee

It looks like you have an extra directory specified based on the original text.

/opt/App1/App1-1234/App1-app.log
/opt/App1/App1*/logs
/opt/App1/App1*/logs/*

This will work for files without the extra "logs" directory.

[monitor:///opt/App1/App1*/*]

But, if you need to recurse directories, you will have to use this:

[monitor:///opt/App1/.../logs/*]

Reference -> https://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards

View solution in original post

0 Karma

Log_wrangler
Builder

my bad, mistyped...

/opt/App1/App1-1234/logs/App1-app.log

thank you for confirming that /opt/App1/App1*/logs/* is a correct way to wildcard

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.