Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

use of wild card character in monitor path

spatil
Path Finder
‎04-07-2011 08:27 AM

Hi,

I have below log folders

C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\GN1\Performance\
C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\FK1\Performance\
C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\DK1\Performance\

I tried below monitor statments in inputs.conf

[monitor:C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\...\Performance\]
[monitor:C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\*\Performance\]

Using above statments no files are getting indexed , event count and index size is zero.

What should be the monitor path expected here .

Regards, S.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎04-07-2011 12:52 PM

Hi spatil

assuming you already checked this

http://www.splunk.com/base/Documentation/latest/Data/Specifyinputpathswithwildcards

  • does the user running splunk have read access to those directories?
  • maybe your path needs some quotes because of the space in it?

regards, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
SplunkTrust
SplunkTrust
‎04-07-2011 12:52 PM

Hi spatil

assuming you already checked this

http://www.splunk.com/base/Documentation/latest/Data/Specifyinputpathswithwildcards

  • does the user running splunk have read access to those directories?
  • maybe your path needs some quotes because of the space in it?

regards, MuS

Reply
Solved! Jump to solution

spatil
Path Finder
‎04-11-2011 05:36 AM

yes , already tried

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎04-08-2011 12:34 PM

have you tried [monitor://D:\logs...\Performance] ?

0 Karma
Reply
Solved! Jump to solution

spatil
Path Finder
‎04-08-2011 11:58 AM

I moved my log files to other location say D:\logs and tried below monitor statments [monitor://D:\logs...\Performance] [monitor://D:\logs*\Performance]

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎04-08-2011 11:42 AM

how can the path be correct if you remove the spaces from the path? have you tried only with the // in the stanza?

0 Karma
Reply
Solved! Jump to solution

spatil
Path Finder
‎04-08-2011 09:22 AM

added leading // in stanza, also removed space from monitor path, still index size is zero.
When I write whole path (removing wild cards) in monitor path , data is getting indexed. Want a solution for wild cards.

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎04-07-2011 12:55 PM

or you're just missing the leading // in your inputs.conf stanzas, like: [monitor://E:\foo*\log]

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...