Splunk forwarder log monitoring for unspecified st...

funlearning321 · ‎05-07-2018

Hello,

can i please whether the splunk will monitor the logs which are not absolutely specified . For example , i have a log path as below:

/var/log/apache.log
/var/log/trans.log

which are specified as :

[monitor:///var/log/*.log]
disabled =false
followTail = 0
index =apache_application

sourcetype = web_logs

Will the /var/log/apache.log123423434.tmp also be monitored by the above monitoring stanza ?

Thanks

ddrillic · ‎05-11-2018

You can leave followTail = 0 out of the stanza ; -)

deepashri_123 · ‎05-11-2018

Hey@funlearning321,

The answer is no , that path won't be monitored.
Hope this helps!!

adonio · ‎05-07-2018

hello there,

hope it helps

Splunk forwarder log monitoring for unspecified stanzas