Monitoring the directories recursively

sushma7 · ‎03-13-2014

Hi,

I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory there almost 10 files with names as SystemOut_14.2.2011_1, SystemOut_14.2.2011_2 etc..
But in my SPLUNK only monitors the first file in each of the subdirectory, not the rest, why is it happening so?

Appreciate your help!

Regards,
Sushma.

MuS · ‎03-14-2014

Hi sushma7,

You monitor path is wrong, use this instead

[monitor://E:\Splunk]

Also read the docs on how to monitor files and directories and about monitorNoHandle is special.

Cheers, MuS

MuS · ‎03-16-2014

permission troubles perhaps? check splunkd.log for any messages related to this directory and/or those files

chandanghoshCTL · ‎08-17-2018

I had this problem n fix it .
looks like you already doing it right but my mistake was type ..\ , should ...\ (3 dots)
[monitor://C:\inetpub\logs\LogFiles...*.log]

linu1988 · ‎03-16-2014

whats the extension of the files? why don't you put the names explicitly?

[monitor://E:\Splunk\...\*.log]

sushma7 · ‎03-16-2014

Any suggestions please?

sushma7 · ‎03-15-2014

Sorry to say this, it was my typo error I gave the same thing that you have mentioned i.e. [monitor://E:\Splunk]
disabled=false
recursive=true

But why is it not viewing my other log files? Is there any UNC restriction in SPLUNK? When it can read a file by SystemOut_14.2.2011_1 in one of the sub directory, why is it not viewing the other 9 log files whose name just differs by last digitSystemOut_14.2.2011_2 etc...

sushma7 · ‎03-14-2014

Need help!

sushma7 · ‎03-13-2014

Under inputs.conf file i just enetered [monitor:///E:\Splunk]
disabled =false
recursive = true

Is thereanything more I need to enter?

Monitoring the directories recursively

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!