Monitoring Splunk

Inputs not working

jgorman_THG
Explorer

Hi,

I have the following input setup and it won't work. I cannot figure out what is wrong with it.

Any ideas?

Thanks,

JG

[monitor:///C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]
whitelist = *192.15.0.2*.txt|
host_regex=-(.*)-\d\d\d\d-\d\d-\d\d.txt 
sourcetype = meraki
index = Meraki
# ignoreOlderThan = 30d
disabled = false
Tags (1)
0 Karma
1 Solution

horsefez
Motivator

@jgorman_THG,
the problem could be that you use three / slashes in the monitor stanza.

Try this
[monitor://C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]

Also... have you restarted splunk after configuring this?

View solution in original post

0 Karma

horsefez
Motivator

@jgorman_THG,
the problem could be that you use three / slashes in the monitor stanza.

Try this
[monitor://C:\Program Files (x86)\Syslogd\Logs\SyslogCatchAll-192.15.0.2-2018-08-08.txt]

Also... have you restarted splunk after configuring this?

0 Karma

horsefez
Motivator

@jgorman_THG were you able to fix the problem?

0 Karma

jgorman_THG
Explorer

Yup! that fixed it! I know it was something silly and small like that.

0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...