Getting Data In

monitoring a specific file through subdirectories

Champion

Hi,

How would I tell splunk to monitor a specific file through a set of subdirectories? Would I set a wildcard in the monitor statement? Should I use a whitelist?

0 Karma
1 Solution

SplunkTrust
SplunkTrust

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

View solution in original post

SplunkTrust
SplunkTrust

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

View solution in original post