I am trying to extract the hostname from the name of the file selected as input.
For input setup I have the following:
Set Host = regex on path
Regular Expression = _([^_]+).log$
Whitelist = *\.log$
file names and path look like this: (this is an nfs mounted share)
/dev/data/runs/int_master__int_master_2012_03_20_15_48_39/logs/target_diag_manager_xray_int0001.log
int0001.log is my hostname, but Splunk keeps flagging the hostname as dev0001, the splunk indexer, as the hostname.
Suggestions, thoughts?
I don't think your regex is correct. Maybe try ([^/_]+).log$ instead?
Thanks a lot that did the trick. Now it's grabbing exactly what I wanted.