Hi,
I have the following input setup and it won't work. I cannot figure out what is wrong with it.
Any ideas?
Thanks,
JG
[monitor:///C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]
whitelist = *192.15.0.2*.txt|
host_regex=-(.*)-\d\d\d\d-\d\d-\d\d.txt
sourcetype = meraki
index = Meraki
# ignoreOlderThan = 30d
disabled = false
@jgorman_THG,
the problem could be that you use three / slashes in the monitor stanza.
Try this
[monitor://C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]
Also... have you restarted splunk after configuring this?
@jgorman_THG,
the problem could be that you use three / slashes in the monitor stanza.
Try this
[monitor://C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]
Also... have you restarted splunk after configuring this?
@jgorman_THG were you able to fix the problem?
Yup! that fixed it! I know it was something silly and small like that.