Hi, I have configured a few forwarder agents through the deployment server. I have provided inputs.conf through an app. Here I need to monitor a particular log file from a directory, and the same directory has a few other files too. Here is my inputs.conf:
[monitor : //directory\log\log.txt]
disabled=false
sourcetype=XXXX
index=XXX
So here I have to monitor that log file from a few agents. But Splunk is monitoring a different file from the same path.
source: //directory\log\anotherlog.txt.
Hey @Vetrikmr,
You can try the whitelist and blacklist options in inputs.conf.
Refer to this link for the same:
https://docs.splunk.com/Documentation/Splunk/7.0.1/Data/Monitorfilesanddirectorieswithinputs.conf#Mo...
Also check your log path properly: the log path is always / and your path contains \
I may be wrong, but check once again:
[monitor://directory/log/log.txt]
index = XXX
sourcetype = xxx
whitelist = <give_regex> OR blacklist = <give_regex>
Also, the monitor stanza has the format monitor://. So you should use three "/" here:
[monitor:///directory/log/log.txt]
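An added example, not part of the thread or Splunk's own tooling: a Python sketch that previews which files a monitor stanza's whitelist and blacklist regexes would select before the app is pushed from the deployment server, and flags stanza headers that lack the monitor:// prefix. It assumes Python's `re` behaves like Splunk's regex engine for simple patterns, that the regexes are searched unanchored against the full path, and that blacklist overrides whitelist; the stanza, regexes and file list are constructed.

```python
import configparser
import re

# Constructed sample: monitor the directory and select one file by regex.
SAMPLE_CONF = r"""
[monitor:///directory/log]
index = XXX
sourcetype = xxx
whitelist = /log\.txt$
blacklist = \.gz$
"""

# Constructed listing of files in the monitored directory.
SAMPLE_FILES = [
    "/directory/log/log.txt",
    "/directory/log/anotherlog.txt",
    "/directory/log/log.txt.gz",
    "/directory/log/catalog.txt",
]


def check_headers(conf_text):
    """Return headers that look like monitor inputs but lack 'monitor://'."""
    headers = re.findall(r"^\[(.*?)\]\s*$", conf_text, flags=re.M)
    return [h for h in headers
            if h.lower().lstrip().startswith("monitor")
            and not h.startswith("monitor://")]


def preview(conf_text, files):
    """Map each monitor stanza to the files its filters would keep."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(conf_text)
    result = {}
    for stanza in cp.sections():
        if not stanza.startswith("monitor://"):
            continue
        root = stanza[len("monitor://"):]
        allow = cp.get(stanza, "whitelist", fallback=None)
        deny = cp.get(stanza, "blacklist", fallback=None)
        result[stanza] = [
            p for p in files
            if p.startswith(root)
            and (not allow or re.search(allow, p))
            and not (deny and re.search(deny, p))  # blacklist wins
        ]
    return result


if __name__ == "__main__":
    print(check_headers(SAMPLE_CONF), preview(SAMPLE_CONF, SAMPLE_FILES))
```

With the whitelist loosened to `log\.txt`, the preview also keeps anotherlog.txt and catalog.txt, which is why the pattern is anchored on the leading `/` and trailing `$`.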