Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk forwarder log monitoring for unspecified stanzas

funlearning321
New Member
‎05-07-2018 02:28 PM

Hello,

can i please whether the splunk will monitor the logs which are not absolutely specified . For example , i have a log path as below:

/var/log/apache.log
/var/log/trans.log

which are specified as :

[monitor:///var/log/*.log]
disabled =false
followTail = 0
index =apache_application

sourcetype = web_logs

Will the /var/log/apache.log123423434.tmp also be monitored by the above monitoring stanza ?

Thanks

0 Karma
Reply

ddrillic
Ultra Champion
‎05-11-2018 08:39 AM

You can leave followTail = 0 out of the stanza ; -)

0 Karma
Reply

deepashri_123
Motivator
‎05-11-2018 02:13 AM

Hey@funlearning321,

The answer is no , that path won't be monitored.
Hope this helps!!

0 Karma
Reply

adonio
Ultra Champion
‎05-07-2018 02:51 PM

hello there,

please read this doc page in detail:
https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/Specifyinputpathswithwildcards
also many answers here on this subject, here is an example:
https://answers.splunk.com/answers/7701/wildcards-with-inputs-conf.html

hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...