Hi

I read all I could find in the docs and in splunkbase but I'm still struggling with that simple problem:
I need to index all the log files corresponding to these paths:

  /logs/serv1/apache-tomcat4/logs/application.log-2012-01-01
  /logs/serv2/apache-tomcat3/logs/application.log-2011-01-01
  /logs/serv3/apache-tomcat1/logs/application.log-2010-01-01

This would be generalized as:

  /logs/serv[0-9]/apache-tomcat[1-4]/logs/application\.log.*

I cannot find a way to configure the monitor path of inputs.conf nor the whitelist to only index those files.
Mainly, I want to avoid indexing files from paths like:

  /logs/serv3/apache-tomcat2OLD/logs/application.log-2010-01-01

All I see, depending on what I try, is the index's Data input file count rising but nothing getting indexed, and a lot of "ERROR TailingProcessor - matching" in the splunkd.log file.
The only time it works is when I specify the full paths without wildcards in the monitor url like:

  /logs/serv1/apache-tomcat1/logs/application.log*
  /logs/serv1/apache-tomcat2/logs/application.log*
  /logs/serv1/apache-tomcat3/logs/application.log*
  /logs/serv1/apache-tomcat4/logs/application.log*
  /logs/serv2/apache-tomcat1/logs/application.log*
  etc...

But I don't want to have all of them as separate inputs if I can specify one regex to match them all.
Thanks
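Added example, not part of the original post and not Splunk's own code: a small offline check of a candidate whitelist regex against the paths quoted above, reporting wanted files it would miss and unwanted files it would let in. It assumes the whitelist is applied as an unanchored regex search over the full file path and that Python's `re` behaves like Splunk's regex engine for these simple patterns; the `LOOSE` pattern and the two extra paths are constructed for illustration.

```python
import re

# Paths quoted in the post: three to index, one to keep out.
WANTED = [
    "/logs/serv1/apache-tomcat4/logs/application.log-2012-01-01",
    "/logs/serv2/apache-tomcat3/logs/application.log-2011-01-01",
    "/logs/serv3/apache-tomcat1/logs/application.log-2010-01-01",
]
UNWANTED = [
    "/logs/serv3/apache-tomcat2OLD/logs/application.log-2010-01-01",
    # Constructed edge cases, not from the post:
    "/backup/logs/serv1/apache-tomcat1/logs/application.log-2012-01-01",
    "/logs/serv12/apache-tomcat1/logs/application.log-2012-01-01",
]

# The post's generalized pattern, anchored at the start of the path.
STRICT = r"^/logs/serv[0-9]/apache-tomcat[1-4]/logs/application\.log.*"
# Hypothetical looser variant, shown only to illustrate the failure mode.
LOOSE = r"/logs/serv[0-9]/apache-tomcat[1-4].*/logs/application\.log"


def audit(pattern, wanted=WANTED, unwanted=UNWANTED):
    """Return (missed, leaked): wanted paths the pattern rejects and
    unwanted paths it accepts. Assumes the whitelist is applied as an
    unanchored search over the full file path."""
    rx = re.compile(pattern)
    missed = [p for p in wanted if not rx.search(p)]
    leaked = [p for p in unwanted if rx.search(p)]
    return missed, leaked


if __name__ == "__main__":
    for name, pattern in (("STRICT", STRICT), ("LOOSE", LOOSE)):
        missed, leaked = audit(pattern)
        print(f"{name}: missed={len(missed)} leaked={len(leaked)}")
        for path in missed + leaked:
            print("   ", path)
```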