Solved: monitoring a specific file through subdirectories

a212830 · ‎03-15-2013

Hi,

How would I tell splunk to monitor a specific file through a set of subdirectories? Would I set a wildcard in the monitor statement? Should I use a whitelist?

starcher · ‎03-15-2013

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

View solution in original post

starcher · ‎03-15-2013

I would aim the monitor at the higher level common directory and whitelist.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Whitelistorblacklistspecificincomingdata

Example:
[monitor:///data1/logs/]
whitelist = logfileyouwant.log

That should just grab that file name regardless where it shows up in all the different subdirectories under /data1/logs/

monitoring a specific file through subdirectories

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation