Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

use of wild card character in monitor path

spatil
Path Finder
‎04-07-2011 08:27 AM

Hi,

I have below log folders

C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\GN1\Performance\
C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\FK1\Performance\
C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\DK1\Performance\

I tried below monitor statments in inputs.conf

[monitor:C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\...\Performance\]
[monitor:C:\Program Files\Splunk\etc\apps\MyApp\Mylogs\*\Performance\]

Using above statments no files are getting indexed , event count and index size is zero.

What should be the monitor path expected here .

Regards, S.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎04-07-2011 12:52 PM

Hi spatil

assuming you already checked this

http://www.splunk.com/base/Documentation/latest/Data/Specifyinputpathswithwildcards

  • does the user running splunk have read access to those directories?
  • maybe your path needs some quotes because of the space in it?

regards, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎04-07-2011 12:52 PM

Hi spatil

assuming you already checked this

http://www.splunk.com/base/Documentation/latest/Data/Specifyinputpathswithwildcards

  • does the user running splunk have read access to those directories?
  • maybe your path needs some quotes because of the space in it?

regards, MuS

Reply
Solved! Jump to solution

spatil
Path Finder
‎04-11-2011 05:36 AM

yes , already tried

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎04-08-2011 12:34 PM

have you tried [monitor://D:\logs...\Performance] ?

0 Karma
Reply
Solved! Jump to solution

spatil
Path Finder
‎04-08-2011 11:58 AM

I moved my log files to other location say D:\logs and tried below monitor statments [monitor://D:\logs...\Performance] [monitor://D:\logs*\Performance]

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎04-08-2011 11:42 AM

how can the path be correct if you remove the spaces from the path? have you tried only with the // in the stanza?

0 Karma
Reply
Solved! Jump to solution

spatil
Path Finder
‎04-08-2011 09:22 AM

added leading // in stanza, also removed space from monitor path, still index size is zero.
When I write whole path (removing wild cards) in monitor path , data is getting indexed. Want a solution for wild cards.

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎04-07-2011 12:55 PM

or you're just missing the leading // in your inputs.conf stanzas, like: [monitor://E:\foo*\log]

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...