UF not monitoring the directory

jibin1988 · ‎11-12-2019

UF is not reading dhcp logs :

internal logs :
11-12-2019 11:34:13.775 +0300 INFO TailingProcessor - Adding watch on path: G:\dhcp\logs.

No ERROR logs or WARN logs

inputs.conf

[monitor://G:\dhcp\logs]
disabled = false
whitelist = Dhcp*
crcSalt =
initCrcLength = 2000
alwaysOpenFile = 1
sourcetype = DhcpLog
index = windows_it

codebuilder · ‎11-14-2019

Your whitelist parameter is not recursive. Therefore, if your logs reside in a sub-directory, they will not be picked up.
Also, if you your logs do not have a file extension, Splunk will see them as binary and exclude them by default.

https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Inputsconf
Note concerning wildcards and monitor:
* You can use wildcards to specify your input path for monitored inputs. Use
"..." for recursive directory matching and "*" for wildcard matching in a
single directory segment.

----
An upvote would be appreciated and Accept Solution if it helps!

gcusello · ‎11-12-2019

Hi @jibin1988,
what's the user od splunkforwarder process, SYSTEM_LOCAL?
Ithink that the crcSalt row is crcSalt = <SOURCE> but there's a visualizaziont problem (please use the Code Sample button), is it correct?

Ciao.
Giuseppe

UF not monitoring the directory

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM