Getting Data In

monitoring wildcards...

a212830
Champion

Hi,

I need to monitor a specific file that can exist in many subdirectories. The file exists below this directory: F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs>

My inputs.conf looks like this. I'm not getting the SystemOut.log or SystemErr.log, even though they exist and are generating data. Did I do something wrong?

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs]
recursive = true
sourcetype = STGWProfileLogs_system
index = euc_sametimedata
crcSalt = <SOURCE>
whitelist = SystemOut.log|SystemErr.log
0 Karma

martin_mueller
SplunkTrust

Your path doesn't include any wildcards at all. Refer to http://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards for the correct use of ... and * wildcards.

You may be looking for something like this:

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs\*]
0 Karma

martin_mueller
SplunkTrust

To take everything you likely need to add a trailing backslash under Windows. ..._Profile\logs only looks for a file named logs if I remember correctly.

0 Karma

a212830
Champion

Thanks. Wildcard the monitored directories, or specific files that I want monitored, or both? In this case, I was assuming that it would take everything under my logs directory, and look for my whitelist.

0 Karma
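
Added example, not part of the thread: a small offline check of which file paths the whitelist regex from the question selects, since whitelist and blacklist are regular expressions matched against the full path. The sample paths, the subdirectory names and the tighter pattern are constructed for illustration, and Python's re module is assumed to behave like Splunk's regex engine for patterns this simple.

```python
import re

# Whitelist exactly as posted in the question.
ORIGINAL_WHITELIST = r"SystemOut.log|SystemErr.log"
# Tighter variant (hypothetical, added here): dots escaped, anchored to a
# path separator on the left and to the end of the path on the right.
TIGHT_WHITELIST = r"\\(SystemOut|SystemErr)\.log$"

BASE = r"F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs"

# Constructed sample paths; "server1" and "ffdc" are made-up directory names.
SAMPLE_PATHS = [
    BASE + r"\server1\SystemOut.log",
    BASE + r"\server1\SystemErr.log",
    BASE + r"\server1\SystemOut.log.bak",
    BASE + r"\server1\SystemOut_log_notes.txt",
    BASE + r"\ffdc\trace.log",
]


def selected(paths, whitelist, blacklist=None):
    """Keep a path when the whitelist regex matches anywhere in the full
    path (unanchored search) and the optional blacklist regex does not."""
    allow = re.compile(whitelist)
    deny = re.compile(blacklist) if blacklist else None
    return [p for p in paths
            if allow.search(p) and not (deny and deny.search(p))]


def filenames(paths):
    """Strip the directory part so results are easy to read."""
    return [p.rsplit("\\", 1)[-1] for p in paths]


if __name__ == "__main__":
    for label, pattern in (("original", ORIGINAL_WHITELIST),
                           ("tight", TIGHT_WHITELIST)):
        print(label, filenames(selected(SAMPLE_PATHS, pattern)))
```

The posted pattern matches the two target files in a subdirectory, but its unescaped dots and missing end anchor also let backup copies and look-alike names through.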