Solved: Re: data input - path name is the same

borgy95 · ‎07-08-2015

I have two type of files i am inputted into splunk.

Both reside at /var/data/proxy/isolde.2015060812.log or mimi.2015060515.log

I can easily use the whitelist field with a regex to specifically point out which file i want to take. I want to to take them as separate inputs so each one can be assigned a different host value to be searched against.

However when specifying the path a second time splunk returns an error: "path is the same and another input". So I edited inputs.conf manually to specify the path/sourcetype/host/whitelist regex. doing a ./splunk btool check returned no errors so i think it will work?

Does anyone have any experience with this kind of scenario? Can you comment on using inputs.conf as a valid way to workaround the splunk error?

woodcock · ‎07-08-2015

It should work but if it doesn't, just create a soft link like this:

ln -fs /var/data/proxy/ /var/data/proxycopy

Then use this:

[monitor:///var/data/proxycopy/]
whilelist=other regex

View solution in original post

woodcock · ‎07-08-2015

It should work but if it doesn't, just create a soft link like this:

ln -fs /var/data/proxy/ /var/data/proxycopy

Then use this:

[monitor:///var/data/proxycopy/]
whilelist=other regex

borgy95 · ‎07-09-2015

It did work , however editing the conf file means there is no entry in the splunk web gui, so i've opted for the softlink approach.

thanks again WC

data input - path name is the same

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

IM Landing Page Filter - Now Available

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud