I read all I could find in the docs and in splunkbase but I'm still struggling with that simple problem:
I need to index all the log files corresponding to these paths:
This would be generalized as:
I cannot find a way to configure the monitor path of inputs.conf nor the whitelist to only index those files.
Mainly, I want to avoid indexing files from paths like:
All I see depending of what I try is the index getting Data input file count raise but nothing getting indexed, and a lot of "ERROR TailingProcessor - matching" in the splunkd.log file.
The only time it works is when I specify the full paths without wildcards in the monitor url like:
But I don't want to have all of them as separate inputs if I can specify one regex to match them all.
... View more