Solved: monitoring a specific file through subdirectories

a212830 · ‎03-15-2013

Hi,

How would I tell splunk to monitor a specific file through a set of subdirectories? Would I set a wildcard in the monitor statement? Should I use a whitelist?

starcher · ‎03-15-2013

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

View solution in original post

starcher · ‎03-15-2013

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

monitoring a specific file through subdirectories

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025

Join the Conversation

monitoring a specific file through subdirectories

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

Your Guide to Splunk Digital Experience Monitoring

Data Management Digest – November 2025