Re: adding rolling.logs to splunk windows

brod_geico · ‎12-11-2014

I need to input below file to splunk

D:\Debug\Log\Forms\Rollingfile

and
D:\Debug\Log\Forms\Rollingfile.log20140228 with time stamp multipe file

i tried with below things in inputs.conf file but only Rollingfile was showing

Rollingfile.log20140228 not showing in splunk

[monitor://D:\Debug\Log\Forms\*.log*]
recursive = true
crcSalt = 
whitelist = \.log$|\.txt$|\.xml$|\.out$
sourcetype = log4net
index = int


[monitor://D:\Debug\Log\Forms\]
recursive = true
crcSalt = 
disabled = 0
followTail = 0
whitelist = \.(log$
sourcetype = log4net
index = int

martin_mueller · ‎12-11-2014

Your whitelists ending in .log, .txt, etc. are conflicting with the file name ending in the date.

brod_geico · ‎12-11-2014

tried too not working

[monitor://D:\Debug\Log\Forms\Rollingfile*]
recursive = true
crcSalt =
sourcetype = log4net
index = forms_int

somesoni2 · ‎12-11-2014

Try this

[monitor://D:\Debug\Log\Forms\Rollingfile*]
recursive = true
crcSalt = <SOURCE>
sourcetype = log4net
index = int

adding rolling.logs to splunk windows

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud

Join the Conversation

adding rolling.logs to splunk windows

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud