wild card in monitor path does not work in windows...

kavalan · ‎06-15-2011

Hi,

I have a question exactly like the described in this question, but I can not solve the problem following the answer.

http://splunk-base.splunk.com/answers/13613/use-of-wild-card-character-in-monitor-path

To recap my question, I have a windows 2008 server, in my inputs.conf I put down

[monitor://C:\test\*] and [monitor://C:\test\*.txt] which neither work, but if I specify the file name like this [monitor://C:\test] or [monitor://C:\test\test.txt] then indexer does read in test.txt.

I thought it as the permission issue, so I run the splunk process with administrator right by right click on the file and run it as administrator. I also right click on the folder to change the permission that everyone can read and write on it.

Is there any other I can do to solve this? The wild card works in my linux machine.

Thanks.

charles_colvin · ‎06-14-2012

I encountered the exact same behavior. In my case the problem was due to having two colons after the "Monitor" keyword. This caused Splunk to interpret my path as ":\D:\blah\blah*"

These commands are useful to see what files / directories are matching the wildcards:

$SPLUNK_HOME/bin/splunk list monitor

$SPLUNK_HOME/bin/splunk _internal call /services/admin/inputstatus/TailingProcessor:FileStatus

wild card in monitor path does not work in windows 2008

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor