Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

inputs.conf configuration help ..

rakesh_498115
Motivator
‎09-10-2012 11:41 AM

Hi.

I have source files in the following folder

path : splunkInput/logs/

Files in the path are
Managed1.txt
Managed2.txt
Managed3.txt
Managed4.txt
....
....
....

Managed50.txt

I have 50 Files like this..

Now i have given this configuration in inputs.conf to index only first ten files..ie.Managed1.txt to Managed10.txt.

So i have like this in inputs.conf

inputs.conf

[monitor:///splunkInput/logs/Managed[1-10]{2}.txt]
disable=false
sourcetype=mydata

but this is not working ..can u help the correct regex expression for this sceneraio.

Thanx

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎09-10-2012 12:01 PM

I think you'd better work with whitelists/blacklists in this case. I don't think that [monitor] stanza header can make use of full regexes.

[monitor:///splunkInput/logs]
sourcetype = blaha
index = blaha
whitelist = Managed1\d?\.log

Hope this helps,

Kristian

View solution in original post

Reply
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎09-10-2012 12:01 PM

I think you'd better work with whitelists/blacklists in this case. I don't think that [monitor] stanza header can make use of full regexes.

[monitor:///splunkInput/logs]
sourcetype = blaha
index = blaha
whitelist = Managed1\d?\.log

Hope this helps,

Kristian

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...