Directory Names

dzilk · ‎01-24-2012

I am new to splunk and am trying to set up a monitored directory. It appears that when browsing for an existing directory to use, splunk does not recognize directories named with a leading underscore character. Has anyone else observed this? I am running splunk on Windows 7.

MHibbin · ‎01-25-2012

dzilk,

I assume you are using the GUI to build your monitored inputs, I would recommend setting your inputs up, using the inputs.conf file. The reason being that you have a lot more control over what Splunk does, when you modify the conf files.

To get you started you can find a "monitor" stanza, which has already been set up, in you inputs.conf and replicate it for your needs.

The following documentation should help with the setup of your inputs.conf (http://docs.splunk.com/Documentation/Splunk/4.3/admin/Inputsconf)

The following documentation shows gives some direction on setting up a monitor stanza in your inputs.conf (http://docs.splunk.com/Documentation/Splunk/latest/Data/Editinputs.conf)

Regards,

Matt

dzilk · ‎01-25-2012

Thanks for the answer. I was really more concerned that some directories on my server were not visible and select-able from the GUI. Is this a bug? This was specifically noted on the "Preview Data before Indexing" screen when choosing a file or directory to index. If 'Browse Server' is selected, some folders are not displayed, specifically those whose names begin with an underscore.

Directory Names

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases