Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Monitoring an incrementing file name in a directory with a lot of different log files, how do I monitor just that file name?

joxley
Path Finder
‎04-21-2015 05:45 AM

A system that I am watching generates log files and rotates them such that the filenumbers increase, every X rows. Currently my monitor stanza is

[monitor:///var/log/mysystem/mainlog.00000.log]
index = my_index
sourcetype = mysystem_mainlog
disabled = false

There are lots of different log files in that directory. How should I monitor just mainlog*?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

joxley
Path Finder
‎04-21-2015 05:48 AM

The solution is to monitor the directory with a whitelist:

 [monitor:///var/log/mysystem]
 whitelist = mainlog.\d+.log
 index = my_index
 sourcetype = mysystem_mainlog
 disabled = false

View solution in original post

Reply
Solved! Jump to solution
Solution

joxley
Path Finder
‎04-21-2015 05:48 AM

The solution is to monitor the directory with a whitelist:

 [monitor:///var/log/mysystem]
 whitelist = mainlog.\d+.log
 index = my_index
 sourcetype = mysystem_mainlog
 disabled = false
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...