Security

ERROR TailingProcessor - matching incorrect files?

lakshman237
Path Finder

I have my inputs.conf as follows on a Linux env.

[monitor:///mydomain/logs/project/mytestlogs*.txt]
blacklist = .(gz)$
whitelist = mytestlogs[1-4]{1}.txt
disabled = false
followTail = 0
recursive = false
sourcetype = mydlogs
index = mydindex

However, when the Splunk process starts up, it shows errors like:
ERROR TailingProcessor - matching /mydomain/logs/project/club/ against ^/mydomain/logs/project/myestlogs[^/]*.txt$

Why is it looking at a subdirectory when recursive is set to false? How do I avoid these?


MuS
Legend

Hi lakshman237

The docs http://docs.splunk.com/Documentation/Splunk/5.0.1/admin/Inputsconf say about recursive:

recursive = [true|false]
* If false, Splunk will not monitor subdirectories found within a monitored directory.
* Defaults to true.

But in your stanza you are monitoring a file and not a directory.

Since you use black- and whitelists: what happens if you change your monitor stanza to match only the path but not a wildcarded file?

Have you verified your settings with splunk list monitor and checked the result?

cheers,

MuS

lakshman237
Path Finder

Thanks MuS. I can change the monitor stanza to look at the directory and change the whitelist to allow it. I'll test that out. The reason I had them separately was that there are a lot of files in that directory, and I wanted a handful of them to get a given sourcetype and others another... (possibly this could also be controlled via whitelist)
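Added example, not part of the thread and not Splunk's code: a Python model of the documented wildcard handling that the error message reflects, where the longest wildcard-free path becomes the monitored directory and the wildcards become an implicit whitelist regex tested against each entry in it. It compares the stanza from the question with the directory-plus-whitelist form suggested above. The function names and all listing entries except club/ are assumptions.

```python
import re

def implicit_whitelist(monitor_path):
    """Model: split a monitor path into (watched directory, implicit regex or None)."""
    segments = monitor_path.split("/")
    wild = [i for i, s in enumerate(segments) if "*" in s or "..." in s]
    if not wild:
        return monitor_path, None          # plain path: no implicit whitelist
    base = "/".join(segments[:wild[0]])    # longest wildcard-free prefix
    # Escape literals, then translate wildcards: "..." -> ".*", "*" -> "[^/]*".
    rx = re.escape(monitor_path).replace(r"\.\.\.", ".*").replace(r"\*", "[^/]*")
    return base, "^" + rx + "$"

def decide(path, implicit, whitelist=None, blacklist=None):
    """Return "index" or the filter that rejected the path (unanchored searches)."""
    if implicit and not re.search(implicit, path):
        return "skip: implicit whitelist"
    if blacklist and re.search(blacklist, path):   # blacklist wins over whitelist
        return "skip: blacklist"
    if whitelist and not re.search(whitelist, path):
        return "skip: whitelist"
    return "index"

# Filter values copied from the stanza in the question.
WHITELIST = r"mytestlogs[1-4]{1}.txt"
BLACKLIST = r".(gz)$"

# Constructed directory listing; only club/ appears on the page.
ENTRIES = [
    "/mydomain/logs/project/club/",
    "/mydomain/logs/project/mytestlogs1.txt",
    "/mydomain/logs/project/mytestlogs7.txt",
    "/mydomain/logs/project/mytestlogs2.txt.gz",
]

def compare(monitor_path):
    """Verdict for every listing entry under the given monitor path."""
    _, implicit = implicit_whitelist(monitor_path)
    return {p: decide(p, implicit, WHITELIST, BLACKLIST) for p in ENTRIES}

if __name__ == "__main__":
    for stanza in ("/mydomain/logs/project/mytestlogs*.txt",
                   "/mydomain/logs/project"):
        print(stanza, "->", implicit_whitelist(stanza))
        for path, verdict in compare(stanza).items():
            print("   ", verdict.ljust(26), path)
```

In this model the wildcarded stanza rejects club/ and the .gz file at the implicit whitelist, so the blacklist never fires, while the directory form lets the explicit whitelist and blacklist do the filtering.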
