I'm confused about the behavior of regexes in inputs.conf and props.conf when using Windows directory paths, particularly the use of '\' as an escape character or when trying to say something like '\d' for digits.
That is, in props.conf, I could easily say
[source::.../*\.log]
sourcetype=my_log
on Unix/Linux, but if I did that on a Windows box, I'm not sure what '.' matches. Is it the literal dot or is it a directory separator followed by any character? If so, how do I escape under Windows?
Or something like the following in inputs.conf on a Windows platform
[monitor://D:\Program Files\Foo\*\.log]
That's what I want to say, but I know that doesn't do what I want.
I see plenty of examples in the docs for inputs.conf and props.conf but nothing that really indicates how you would handle Windows paths differently.
I optimistically tried to use '/' as the Windows path separator and while Splunk added it to the list of directories to monitor, it would not select any files or directories until I switched it back to '\'.
Thanks