How would I tell Splunk to monitor a specific file through a set of subdirectories? Would I set a wildcard in the monitor statement? Should I use a whitelist?
I would aim the monitor at the higher level common directory and whitelist.
whitelist = logfileyouwant.log
That should just grab that file name regardless of where it shows up in all the different subdirectories under /data1/logs/
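An added example, not part of the original thread: the suggestion above written out as an inputs.conf stanza, using the path and file name from the answer. The escaped and anchored form of the whitelist regex and the commented-out wildcard alternative are additions made here.

```ini
# inputs.conf (added example; path and file name taken from the thread)

# Option 1: monitor the common parent directory and filter with whitelist.
# A monitor input recurses into subdirectories by default. whitelist is a
# regular expression matched against the full file path and is not anchored,
# so the bare value "logfileyouwant.log" would also match rotated or
# compressed copies such as logfileyouwant.log.1 or logfileyouwant.log.gz.
# Escaping the dot and anchoring both ends limits the input to that exact
# file name, wherever it appears under /data1/logs/.
[monitor:///data1/logs/]
whitelist = /logfileyouwant\.log$

# Option 2: wildcard in the monitor path instead of a whitelist.
# "..." recurses through subdirectories; "*" matches within a single path
# segment only. Use one of the two stanzas, not both.
# [monitor:///data1/logs/.../logfileyouwant.log]
```

Keeping the pattern tight matters when the sibling files under the same tree hold data that should not be indexed or that would count against license volume.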