Getting Data In

monitoring wildcards...

a212830
Champion

Hi,

I need to monitor a specific file that can exist in many subdirectories. The file exists below this directory: F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs>

My inputs.conf looks like this. I'm not getting the SystemOut.log or SystemErr.log, even though they exist and are generating data. Did I do something wrong?

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs]
recursive = true
sourcetype = STGWProfileLogs_system
index = euc_sametimedata
crcSalt = <SOURCE>
whitelist = SystemOut.log|SystemErr.log
Tags (2)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Your path doesn't include any wildcards at all. Refer to http://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards for the correct use of ... and * wildcards.

You may be looking for something like this:

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs\*]
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

To take everything you likely need to add a trailing backslash under Windows. ..._Profile\logs only looks for a file named logs if I remember correctly.

0 Karma

a212830
Champion

Thanks. Wildcare the monitored directories, or specific files that I want monitored, or both? In this case, I was assuming that it would take everything under my logs directory, and look for my whitelist.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...