Monitoring Splunk

input parsing another file

Vetrikmr
New Member

hi I have configured few forwarder agents through deployment server. I have given inputs.conf through app. here i need to monitor particular log file from directory and the same directory has a few other files too. here is my inputs.conf
[monitor : //directory\log\log.txt]
disabled=false
sourcetype=XXXX
index=XXX

so here i have to monitor that log file from few agents. But splunk it is monitoring the different file from the same path.
source: //directory\log\anotherlog.txt.

Tags (1)
0 Karma

mayurr98
Super Champion

hey @Vetrikmr

You can try whitelist and blacklist option in inputs.conf
refer this link to the same:
https://docs.splunk.com/Documentation/Splunk/7.0.1/Data/Monitorfilesanddirectorieswithinputs.conf#Mo...

Also check your log path properly:
log path is always / and your path contains \
I may be wrong but check once again:

[monitor://directory/log/log.txt]
index = XXX
sourcetype = xxx
whitelist = <give_regex> OR blacklist = <give_regex>

Yunagi
Communicator

Also, the monitor stanza has the format monitor://. So you should use three "/" here:

[monitor:///directory/log/log.txt]

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...