Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: inputs.conf forwarding from the same directory...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
inputs.conf forwarding from the same directory issue
Dark_Ichigo
Builder
07-07-2014
08:34 PM
Only the first Stanza works, when I comment out one of them, it works fine, but no matter what happens, I cant get them both to work...
Only highlighted logs are forwarded.
# logs1
[monitor:///home/mmm/logs/mmm.log*]
sourcetype = Core
index = CoreLog
_TCP_ROUTING = umm
#recursive = false
#whitelist = mmm\.log(\.1)?
# logs2
[monitor:///home/mmm/logs/mmm/smmm.log*]
sourcetype = CoreSMS
index = CoreLog
_TCP_ROUTING = umm
whitelist = smmm\.log(\.\d+\-\d+\-\d+)?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
musskopf
Builder
07-07-2014
08:45 PM
Have you tried like this:
# logs1
[monitor:///home/mmm/logs/mmm.log*]
sourcetype = Core
index = CoreLog
_TCP_ROUTING = umm
recursive = false
# logs2
[monitor:///home/mmm/logs/mmm/smmm.log*]
sourcetype = CoreSMS
index = CoreLog
_TCP_ROUTING = umm
recursive = false
Also, does your SUF shows any error message in the logs?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
musskopf
Builder
07-08-2014
03:48 PM
Yeah, it might be a bug actually. Have a look on this post:
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dark_Ichigo
Builder
07-07-2014
11:30 PM
Sorry, I have tried the above on multiple instances, but the same issue remains....
Could this be due to the fact that #log2 stanza is pointing at a Sub directory as opposed to the #log1 stanza which is one directory above it??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
musskopf
Builder
07-07-2014
09:22 PM
Splunk Universal Forwarder. I imagine tei config you pasted there in not from the inputs.conf on the Splunk Server but from some other box running a forwarder (splunk agent)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dark_Ichigo
Builder
07-07-2014
09:20 PM
Whats a SUF?
Get Updates on the Splunk Community!
Enter the Splunk Community Dashboard Challenge for Your Chance to Win!
The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...
.conf24 | Session Scheduler is Live!!
.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...
Introducing the Splunk Community Dashboard Challenge!
Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...
