So I am confused about how to write a wildcard path for the following.
I have a UF set up to monitor a file location.
For example [.. /opt/App1/App1-1234/logs ] contains some ( .log and .log.gz ) files I want to send to the indexers.
I tested with absolute path /opt/App1/App1-1234/App1-app.log and the logs rolled into Splunk just fine
Next I tried /opt/App1/App1*/logs < but that does not work.
What is the correct way to write this ? /opt/App1/App1*/logs/* ???
It looks like you have an extra directory specified based on the original text.
This will work for files without the extra "logs" directory.
But, if you need to recurse directories, you will have to use this:
Reference -> https://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards
View solution in original post
my bad, mistyped...
thank you for confirming that /opt/App1/App1*/logs/* is a correct way to wildcard