Getting Data In

wild card in monitor path does not work in windows 2008



I have a question exactly like the described in this question, but I can not solve the problem following the answer.

To recap my question, I have a windows 2008 server, in my inputs.conf I put down

[monitor://C:\test\*] and [monitor://C:\test\*.txt] which neither work, but if I specify the file name like this [monitor://C:\test] or [monitor://C:\test\test.txt] then indexer does read in test.txt.

I thought it as the permission issue, so I run the splunk process with administrator right by right click on the file and run it as administrator. I also right click on the folder to change the permission that everyone can read and write on it.

Is there any other I can do to solve this? The wild card works in my linux machine.


Tags (3)


I encountered the exact same behavior. In my case the problem was due to having two colons after the "Monitor" keyword. This caused Splunk to interpret my path as ":\D:\blah\blah*"

These commands are useful to see what files / directories are matching the wildcards:

$SPLUNK_HOME/bin/splunk list monitor

$SPLUNK_HOME/bin/splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus
0 Karma
Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...