I've had a splunk install on windows working great & now I've moved to an Ubuntu & having
problems just with my host_regex in inputs.conf.
My windows regex worked great.
Moved to Ubuntu & looks like
host_regex = \/\/NFS\/LOGS/\getdisks\/(\S+)-DISK.txt$
files look like this.
/NFS/LOGS/getdisks/LOC1-Server1-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-1-DISK.txt
/NFS/LOGS/getdisks/LOC3-Server2-DISK.txt
/NFS/LOGS/getdisks/LOC1-Server2-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-2-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-3-DISK.txt
it really doesnt give you a hint where your going wrong. I've pumped it into
a REGEX tester & it seems right. I know it should work.
Anyone care to throw in something else to try?
host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$
finally tried enough & it worked
host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$
finally tried enough & it worked