Pulling out hostname from UNC path in Windows

Esky73
Builder

I have several SQL servers with logs in different places, so I've got a share UNC location so I can deploy inputs.conf with the same config.

\SERVERNAME\Log\appserver_log.txt

My inputs.conf looks like this - the log file is processed - but I can't seem to extract the servername - I've tried host_segment but no

[monitor://\*\Log*]
disabled = false
whitelist = appserver_log.txt
index = test


niketn
Legend

@Esky73, For host_segment have you tried

host_segment=1

Alternatively, if you know your servername pattern you can define a regex. For example (you would need to give some anonymized sample server names for an exact regular expression):

host_regex=(\w+)\\Log

PS: If you have whitelisted only one log file name why not monitor only that file in the monitor block and remove whitelist?

[monitor://\*\Log\appserver_log.txt]
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
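
An added example, not part of the thread or of Splunk's own code: it uses Python's `re` to apply the suggested `host_regex` to constructed UNC paths, taking the first capture group as the host, and shows why sample server names matter (`\w+` stops at hyphens and dots, so only the tail of such a name is captured). The sample paths, the helper `extract_host` and the broader pattern `UNC_HOST_REGEX` are assumptions for illustration, as is the premise that the monitored source path starts with the two-backslash UNC prefix.

```python
import re

# host_regex value from the answer above; the first capture group becomes the host.
HOST_REGEX = re.compile(r"(\w+)\\Log")

# Broader pattern (an assumption, not from the thread): anchored on the UNC
# prefix and accepting hyphens and dots inside the server name.
UNC_HOST_REGEX = re.compile(r"^\\\\([A-Za-z0-9][A-Za-z0-9.-]*)\\Log\\")

# Constructed sample source paths; the server names are made up.
SAMPLES = [
    r"\\SQLPROD01\Log\appserver_log.txt",
    r"\\SQL-PROD-02\Log\appserver_log.txt",
    r"\\sql03.corp.example\Log\appserver_log.txt",
]


def extract_host(pattern, source_path):
    """Return the first capture group for source_path, or None if no match."""
    match = pattern.search(source_path)
    return match.group(1) if match else None


def compare(paths=SAMPLES):
    """Return (path, host from thread regex, host from anchored regex) tuples."""
    return [
        (p, extract_host(HOST_REGEX, p), extract_host(UNC_HOST_REGEX, p))
        for p in paths
    ]


if __name__ == "__main__":
    for path, from_thread, anchored in compare():
        print(path)
        print("  thread regex  ->", from_thread)
        print("  anchored regex ->", anchored)
```

A host value that silently collapses to a name fragment makes events from different servers indistinguishable in searches and alerts, so it is worth checking the pattern against every naming scheme in the estate before deploying the input.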

woodcock
Esteemed Legend

As far as your monitor/whitelist comment, the 2 forms are identical, especially in the sense that internally Splunk converts what you said to what OP said anyways. Strictly speaking OP's way is "better" but your way is "simpler".
