My requiremenent is to monitor day to day apache access logs and error logs through splunk
But the access logs are written as eg:ccess.123.10-08-2012 ,this will be gunzipped in the same location by log rotation script.I dont want to index the gunzip logs ,just I want the current logs
The challenge here is - the second numeric in the access log name will keep on changing and obviousuly the date as well.I meant this would be access.xxx.date
Is there a way I can give the above file name as input in splunk to monitor it on a daily basis?
I know if it had been access.log,then I can pass on the name in input file,but the file name change is dynamic.Is there a way to sort it out please?
... View more