Developing for Splunk Platform

How to capture the log of a filepath?

yesh_9
Engager

I need help on development .  I have a requirement to capture the logs of a file path "care\outbound\prod" and "care\outbound\Test", Both the file names are same one will go to Test folder and other will go to Prod folder. As per the initial requirement I want capture the test data that is coming to "care\outbound\Test" path. Need help on coding part.

code:

 

index=***  doc_name= *****  "*care*"

 

I have choose "care" as a key point, What ever the files cross through "care" folder it captures. But I need to capture the files which are coming to  "care\outbound\Test" .

Please let me know if you need more clarification.

Labels (4)
0 Karma

PickleRick
Ultra Champion

It's not clear what you're refering to.

Typically with file monitor inputs, the log file path is stored in the source field. So if you want to only match events coming from this path, you should match against that field.

But if you're trying to find that path part in the event data you can of course try to match on some both-sided-wildcard pattern like "*care*" but it's gonna be highly ineffective since splunk has to do a full-text raw match against all events.

So please be a bit more specific what you're trying to do, what is your event format and so on.

0 Karma

SanjayReddy
Builder

Hi @yesh_9 

you can try this 

index=***  source="*care\outbound\Test*" doc_name= *****  

if you wanted to get data for PROD replaced test with PROD

0 Karma

yesh_9
Engager

@SanjayReddy - Thanks for your response. But we already have a predefined source for this Files and this are coming from Staging source. 

0 Karma

SanjayReddy
Builder

Hi @yesh_9 

I assume Staging sourcetype not the source 

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...