I have a route that has all the logs, but in it there are several types of logs. I only need some that start with a certain name:
Apple
banana
mango
dns.log
dns_1123.log
dns3_1.log
If I need the log that starts with dns and ends in anything else, I understand that I can use dns*:
[monitor:///folder1/folder2/folder3/folder/logs/dns*]
disabled = false
host = 10.10.10.10
index = myindex
sourcetype = mysourcetype
But when I check the logs that are being indexed, all the logs are arriving, even the ones that I don't need. How else can I make only the ones that start with dns arrive and not the other logs?
I am not sure why it does not work. All looks good, though. Maybe try whitelisting.
https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/Whitelistorblacklistspecificincomingdata
[monitor:///folder1/folder2/folder3/folder/logs/dns*]
whitelist = dns.*\.log$
disabled = false
host = 10.10.10.10
index = myindex
sourcetype = mysourcetype
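How the whitelist regex from the answer above, and the implicit regex that Splunk documents for a wildcard in a monitor path, select among the file names in the question. This is an added example in Python, not part of the original posts; `wildcard_to_regex` and `selected` are hypothetical helpers that model the documented behaviour in simplified form, and the `dns_old/mango.log` path is constructed.

```python
import re

# Directory and file names taken from the question.
LOG_DIR = "/folder1/folder2/folder3/folder/logs"
FILES = ["Apple", "banana", "mango", "dns.log", "dns_1123.log", "dns3_1.log"]
MONITOR = LOG_DIR + "/dns*"           # path used in the [monitor://...] stanza
WHITELIST = r"dns.*\.log$"            # whitelist suggested in the answer
TIGHT = r"/dns[^/]*\.log$"            # assumption: a stricter variant for comparison


def wildcard_to_regex(monitor_path):
    """Model of the documented wildcard handling (simplified).

    The longest wildcard-free prefix becomes the monitored directory and the
    rest becomes an implicit whitelist: '...' -> '.*', '*' -> '[^/]*'.
    """
    segments = monitor_path.split("/")
    wild = next((i for i, s in enumerate(segments) if "*" in s or "..." in s), None)
    if wild is None:
        return monitor_path, None
    base = "/".join(segments[:wild])
    tail = "/".join(segments[wild:])
    mapping = {"...": ".*", "*": "[^/]*"}
    parts = [mapping.get(tok, re.escape(tok)) for tok in re.split(r"(\.\.\.|\*)", tail)]
    return base, "".join(parts) + "$"


def selected(names, regex, base=LOG_DIR):
    """Names whose full path matches the regex (unanchored search on the path)."""
    return [n for n in names if re.search(regex, f"{base}/{n}")]


if __name__ == "__main__":
    base, implicit = wildcard_to_regex(MONITOR)
    print("monitored directory:", base)
    print("implicit whitelist :", implicit)
    print("implicit selects   :", selected(FILES, implicit))
    print("explicit selects   :", selected(FILES, WHITELIST))
    # Constructed path: 'dns' appears only in a directory name.
    stray = ["dns_old/mango.log"]
    print("loose regex on stray path:", selected(stray, WHITELIST))
    print("tight regex on stray path:", selected(stray, TIGHT))
```

Because the regex is searched against the full path, `dns.*\.log$` also accepts a path where `dns` only appears in a directory name; starting the pattern at the last `/` avoids that.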
Thank you very much for your answer, it helped me a lot.
After working, I remembered that I had configured the input.conf and output.conf files in two different paths, one in apps and the other in the system.
It has already been solved, thank you very much.