I used following syntax to monitor a file input in windows
The above stanza is not indexing any file. Getting the below error in splnkd.log on forwarder
FilesystemChangeWatcher - error getting attributes of path "\D:": The filename, directory name, or volume label syntax is incorrect.
But when I use following input, it works.
Thanks for the reply.
It's not working. The reason is that I provided wildcard just after the drive D:\app\log. when we provide an input like following, it works.
Please confirm if there is any other way to provide wildcard to a folder after D:\
you can also play with the path, can you change the directory to something like D:\newdir\appxxx and then recursively monitor the newdir ?
[monitor://D:\...\log\a*.log] whitelist = D:\app*\
Hi, Thanks for the reply.
The wildcard just after the root directory is not working in Splunk. Could you please check at your end if this works?