Hello,
I only want to monitor files in the directory pkorb and not files in the subdirectory pkorb/oldlogs.
What is the right monitor?
Or any other?
[monitor:///var/log/pkorb/*]
will forward any files sitting in the pkorb directory but will NOT forward files from sub-directories in that pkorb directory.
If you wanted to ingest data from a subdirectory, it would look like
[monitor:///var/log/pkorb/.../*]
Thank you
Did this answer your question? If so, then please accept the answer.
Yes, this is what I am looking for.
Can you please accept the answer and close it out?
I'd give this a shot:
[monitor:///var/log/pkorb]
recursive = false
Alternatively, this:
[monitor:///var/log/pkorb]
blacklist = oldlogs
The latter would recurse, but skip the oldlogs directory. See http://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/inputsconf for specs.
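To compare the stanzas suggested in this thread before deploying one, the following added example (not from any poster and not Splunk code) models which files each stanza would pick up. It assumes the wildcard translation described in Splunk's input-path documentation ('...' becomes '.*', '*' becomes '[^/]*') and that blacklist is a regex searched in the full path; the function names and the file list are constructed for illustration.

```python
import re

def wildcard_to_regex(path):
    # Assumed translation: '...' spans any number of directories,
    # '*' stays inside a single path segment.
    out, i = [], 0
    while i < len(path):
        if path.startswith("...", i):
            out.append(".*")
            i += 3
        elif path[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(path[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def is_monitored(file_path, monitor_path, recursive=True, blacklist=None):
    # blacklist is a regex searched anywhere in the full path, not a directory name.
    if blacklist and re.search(blacklist, file_path):
        return False
    if "*" in monitor_path or "..." in monitor_path:
        return bool(wildcard_to_regex(monitor_path).match(file_path))
    base = monitor_path.rstrip("/") + "/"
    if not file_path.startswith(base):
        return False
    # Without wildcards the stanza recurses unless recursive = false.
    return recursive or "/" not in file_path[len(base):]

# Constructed sample files, not taken from the thread.
FILES = [
    "/var/log/pkorb/app.log",
    "/var/log/pkorb/oldlogs/app.log.1",
    "/var/log/pkorb/oldlogs_report.log",
]

def selected(monitor_path, **settings):
    return [f for f in FILES if is_monitored(f, monitor_path, **settings)]

if __name__ == "__main__":
    print("pkorb/*           ", selected("/var/log/pkorb/*"))
    print("pkorb/.../*       ", selected("/var/log/pkorb/.../*"))
    print("recursive = false ", selected("/var/log/pkorb", recursive=False))
    print("blacklist=oldlogs ", selected("/var/log/pkorb", blacklist="oldlogs"))
```

In this model `blacklist = oldlogs` also drops the top-level file `oldlogs_report.log`, because the regex matches anywhere in the path; a pattern such as `/oldlogs/` limits the exclusion to the directory.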