Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

inputs.conf monitoring multiple folders

rahulg
Explorer
‎02-16-2021 07:27 AM

Hello there

i have inputs.conf

#[monitor:///opt/splunk/etc/apps/my_app/bin/out/.../*.gz]
#disabled=0
#index=security_my_index
#sourcetype=fzzz
#source=fdr
#interval=60

 

this is only indexing  all the files under

/opt/splunk/etc/apps/my_app/bin/out/data/**

 

but data is not getting indexed from below locations

/opt/splunk/etc/apps/my_app/bin/out/fdrv2/aidmaster

/opt/splunk/etc/apps/my_app/bin/out/fdrv2/managedassets

any idea on this?

Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-17-2021 03:54 AM

Hİ @rahulg,

Is it possible that the filenames on those folders are not matching *.gz ?

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

rahulg
Explorer
‎02-17-2021 08:40 AM

Now  i tried to chaneg inputs.conf

[monitor:///opt/splunk/etc/apps/my_app/bin/out/]

whitelist = \.gz$
recursive = true
disabled=0
index=security_my_index
sourcetype=fzzz
source=fdr
interval=60

looks like files are getting read but not indexed

i see logs 

INFO ArchiveProcessor - new tailer already processed path=

 

 

logs says

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...