field extraction on specific path

indeed_2000 · ‎12-13-2019

Hi
I have some log files with different name that copy into the Splunk server "/opt/splunk/logs" daily.
when I extract fields it just do this on specific file, while I need those field extract on every log on that path.
what is the solution here? I should define index for all logs and the extract field? is there any idea?

Thanks,

woodcock · ‎12-14-2019

You can use this in props.conf:

[source:///Your/Partial/Path/Here/*]
Your Settings Here

field extraction on specific path

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

field extraction on specific path

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future