server 1
server 2
server 3
monitoring location is shared \server[1-3]\logs\serevr.log
server[1-3] is able to reach all logs since its share.
For example, server 1 will be able to read log files from server 2 and server 3
My current input definitely will index duplicate data since all three servers will be hitting the network storage at a time, which may easily break something:
[monitor://\\server1\logs\serevr.log]
index=main
sourcetype=serverlog
[monitor://\\server2\logs\serevr.log]
index=main
sourcetype=serverlog
[monitor://\\server3\logs\serevr.log]
index=main
sourcetype=serverlog
Question:
How do I monitor this logs so server 1 will only monitor server 1 logs on the shared drive and server 2 will monitor only server 2 logs and same as server 3?
Thank you for your help.
... View more