I have to monitor two source types in the following directory structure:
\\Server\Path\{can be any name}.log ==> sourcetype = FirstLog
\\Server\Path\SubPath\{can be any name}.csv ==> sourcetype = SecondLog
How do I set up the inputs.conf? Right now, my first monitor for \\Server\Path is working but the next monitor for \\Server\Path\SubPath is not working.
Set the monitor specific to the file in your inputs.conf:
[monitor://\\Server\share\*.log]
sourcetype = FirstLog
[monitor://\\Server\Share\Directory\*.csv]
sourcetype = SecondLog
It was a suggestion if you are having trouble accessing the files by UNC path. I modified the example to reflect using a wildcard for the file name.
Sorry, I don't understand what it has to do with my problem with assigning log files from subdirectories to different sourcetypes.
*** Also, I can't hard-code the name of the log files because, as I described, the log file name can vary. It can be any name.
The inputs.conf example should still work. If you are using UNC paths then you might want to take a look at this:
http://splunk-base.splunk.com/answers/35281/splunk-index-logs-from-network-drive
Sorry, the slashes didn't show up correctly in my message. That's not what I need. I updated the message above.