Hello, In one of the windows machine logs (path: C:\servicedesk\logs) sending via the universal forwarder to Splunk. So I created inputs.conf and below are the monitor paths, so now am getting l...
I have a host that I am receiving logs into my heavy forwarder and that works fine. I now have a new log source on the same host and the entry in my inputs.conf is not passing the data I need t...
...hey talk about modifying the file "props.conf" and "transforms.conf" what is the difference between doing it from inputs.conf and the other way? inputs.log [monitor:///folder/folder/folder/i...
I have this in my inputs.conf
_whitelist=(\.log|log$|^messages|^secure|mesg$|cron$|acpid$|\.out)
Can anyone help me understand what are the " ^ " and the " $ " are used for?
...have been closely reading the inputs.conf Splunk documentation where it's clear that this functionality is possible using regex, but for some reason mine isn't working. I am using a...
Hi there, I want to be able to allow a dashboard of my app read the hostname stored in inputs.conf, which is provided by user when setting up the app. Specifically, I have a button on one of my a...
Hello, I have made a new app under deployment apps with the following inputs.conf [monitor:///root/something/something/something/something/]
index = test
whitelist=console-202[\S\s...
First time splunker here.
Can you have an inputs.conf with only:
[default]
host = <fqdn>
In etc/system/local while having custom apps with inputs in etc/apps? Or will the etc/system/l...
Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added in 5.0 for the inputs.conf file and the default for system/default/inputs.conf....