All Apps and Add-ons

Need help w/ Ubuntu host_regex

clintla
Contributor

I've had a splunk install on windows working great & now I've moved to an Ubuntu & having
problems just with my host_regex in inputs.conf.

My windows regex worked great.

Moved to Ubuntu & looks like
host_regex = \/\/NFS\/LOGS/\getdisks\/(\S+)-DISK.txt$

files look like this.

/NFS/LOGS/getdisks/LOC1-Server1-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-1-DISK.txt

/NFS/LOGS/getdisks/LOC3-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC1-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-2-DISK.txt

/NFS/LOGS/getdisks/LOC2-Server-3-DISK.txt

it really doesnt give you a hint where your going wrong. I've pumped it into
a REGEX tester & it seems right. I know it should work.

Anyone care to throw in something else to try?

1 Solution

clintla
Contributor

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

View solution in original post

clintla
Contributor

host_regex = :/NFS/LOGS/getdisks/(\S+)-DISK.txt$

finally tried enough & it worked

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...