- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how can I set line breaking for no of files having same extension in different folders under one sorce folder
All the below folders are from same source
eg:source="parent\\.\*."
folder name fileextension linebreaking
04/04/12 x.log Breaking on date for x
y.log Breaking on some string for y
z.log another line breaker for z
05/04/12 x.log Breaking on date for x
y.log Breaking on some string for y
................so on
Please tell me the procedure how to configure both props and input.config or any other config files for the same.
Props.cofig
Source::....
sourcetype=...
[sourcetype]
linebreaking
input.cofig
monitor::/parent
priority=1
crcs...
This is my props and input.config files.How to create sourcetype for different files in a same folder instead of creating soucetype for each file seperatly in Datainputs.If we create source type mnually through datainputs then only splunk will identify the sourcetype or what?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One way to solve it;
inputs.conf
[monitor:///parent/a/*.log]
sourcetype=type_a
[monitor:///parent/b/*.log]
sourcetype=type_b
props.conf
[type_a]
BREAK_ONLY_BEFORE_DATE = true
[type_b]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)your_other_string_to_break_before
Hope this helps,
Kristian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks kristian,sorry i forgot to mention that iam having same x.log extension file on other folder also i mean iam getting log on basis of each date.And iam copy that to one folder like Parent folder having
a,d,c folder all files having same extension and same line breaking.Please check i have edited my queries.
