SO the other day, I was asked to ingest some data for jenkins, and Splunk has seemed to only ingest some of that data. I have this monitor installed on both the Production and Development remote in...
See more...
SO the other day, I was asked to ingest some data for jenkins, and Splunk has seemed to only ingest some of that data. I have this monitor installed on both the Production and Development remote instances: [monitor:///var/lib/jenkins/jobs.../log]
recursive = true
index = azure
sourcetype = jenkins
disabled = 0
[monitor:///var/lib/jenkins/jobs]
index = jenkins
sourcetype = jenkins
disabled = 0
recursive = true
#[monitor:///var/lib/jenkins/jobs/web-pipeline/branches/develop/builds/14]
#index = testing
#sourcetype = jenkins
#recursive = true
#disabled = 0 Pretty much, I have most of the data ingested, but for whatever reason, I cant find any data for /var/lib/jenkins/jobs/web-pipeline/branches/develop/builds/14, or other random paths that we spot check. For that bottom commented out input, I specify the entire path and I even added a salt so we could re ingest it. Its commented out rn, but i have tried different iterations for that specific path. It has and continues to ingest everything under that /var/lib/jenkins/jobs, but i do not see some of the data. Based on this input, should i be doing something else? Could it be an issue with having the same sourcetype as the data that is funneled to the azure index? Is the syntax incorrect? I want to ingest EVRYTHING, including files within subdirectories into splunk. Thats why i used recursive, but is that not enough? Thanks for any help.