Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

monitoring wildcards...

a212830
Champion
‎03-19-2013 10:07 AM

Hi,

I need to monitor a specific file that can exist in many subdirectories. The file exists below this directory: F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs>

My inputs.conf looks like this. I'm not getting the SystemOut.log or SystemErr.log, even though they exist and are generating data. Did I do something wrong? 

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs]
recursive = true
sourcetype = STGWProfileLogs_system
index = euc_sametimedata
crcSalt = <SOURCE>
whitelist = SystemOut.log|SystemErr.log
Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-19-2013 12:52 PM

Your path doesn't include any wildcards at all. Refer to http://docs.splunk.com/Documentation/Splunk/latest/Data/Specifyinputpathswithwildcards for the correct use of ... and * wildcards.

You may be looking for something like this:

[monitor://F:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile\logs\*]
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-20-2013 06:49 AM

To take everything you likely need to add a trailing backslash under Windows. ..._Profile\logs only looks for a file named logs if I remember correctly.

0 Karma
Reply

a212830
Champion
‎03-19-2013 01:00 PM

Thanks. Wildcare the monitored directories, or specific files that I want monitored, or both? In this case, I was assuming that it would take everything under my logs directory, and look for my whitelist.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...