Hi folks. We are currently trying to pick up some log files by using a wildcard settings in our inputs.conf file. We replaced the portion where different server names are filled in with *, but are not getting logs being pulled on the search head. My fellow Splunk engineer explained it in details below. This is in linux O/S. Please kindly advise. Thanks much.
We have 5 servers with file path:
/opt/ibm/websphere61/appserver/profiles/[servername]/TeamConnect/logs/
I want the .log files in this directory on each server.
I’ve configured the monitor:
[monitor:///opt/ibm/websphere61/appserver/profiles/*/TeamConnect/logs/]
recursive = false
but the files are not coming in.
add * at the end of the path (i.e after /logs/ , but not visible due the editor issue may be)
[monitor:///opt/ibm/websphere61/appserver/profiles//TeamConnect/logs/ ]
check if the owner of the splunkd process has the read permission to this path
is "ls -l /opt/ibm/websphere61/appserver/profiles//TeamConnect/logs/" list all the files for the same user running Splunkd??
let me know if you are still facing issues...
Thanks jayannah. My fellow splunk admin used your recommendation + "recursive = true" as a second line and it worked
Thanks ddrillic for chiming in as well 🙂
The syntax which works for us is ... instead of the *. So, it should read –
[monitor:///opt/ibm/websphere61/appserver/profiles/.../TeamConnect/logs/]
Hopefully it would work for you ; -)
Regards,
Dan
add * at the end of the path (i.e after /logs/ , but not visible due the editor issue may be)
[monitor:///opt/ibm/websphere61/appserver/profiles//TeamConnect/logs/ ]
check if the owner of the splunkd process has the read permission to this path
is "ls -l /opt/ibm/websphere61/appserver/profiles//TeamConnect/logs/" list all the files for the same user running Splunkd??
let me know if you are still facing issues...