Hello, In one of the windows machine logs (path: C:\servicedesk\logs) sending via the universal forwarder to Splunk. So I created inputs.conf and below are the monitor paths, so now am getting l...
...hey talk about modifying the file "props.conf" and "transforms.conf" what is the difference between doing it from inputs.conf and the other way? inputs.log [monitor:///folder/folder/folder/i...
I have this in my inputs.conf
_whitelist=(\.log|log$|^messages|^secure|mesg$|cron$|acpid$|\.out)
Can anyone help me understand what are the " ^ " and the " $ " are used for?
Hello, I have made a new app under deployment apps with the following inputs.conf [monitor:///root/something/something/something/something/]
index = test
whitelist=console-202[\S\s...
hi,
can you please tell me what is the right way to btool inputs.conf for a specific app context. I want to troubleshoot this error that is too much in my splunk search head messages n...
...owever the log stops when I use the wild card.
My inputs.conf looks like:
[monitor://D:\[path]\logs\]
whitelist=localhost_access_log*txt
disabled = 0
I've tried numerous variations such as * ......
Hello
I have some directories that I need to monitor. Using updated inputs for the TA_nix app I am adding syslog/linux:audit data is specific paths. It mostly works as expected BUT I had a few o...
Anyone know why 5.0.1 UFs are reporting data in with host name of $decideonstartup. Looks like this setting was added in 5.0 for the inputs.conf file and the default for system/default/inputs.conf....
...hose hosts.
I do not want to push individual inputs.conf files. So how to I get the appropriate host name for the syslog input?
If I leave host emtpy, I get 127.0.0.1 which is not helpful. When I s...