I want to add some files from a directory to be monitored by Splunk, but I also want to give it a new sourcetype called capacityType.
According to the admin manual, would it be:
./splunk add monitor /opt/capacity_script/newdblog/capacity_* [-sourcetype capacityType]
Try removing the [ ] around -sourcetype capacityType.
./splunk add monitor /opt/capacity_script/newdblog/capacity_* -sourcetype capacityType
This should update the inputs.conf located in $SPLUNK_HOME/etc/apps/search/local folder.
Also, after updating the inputs.conf, I always do a splunk restart.
Hope this helps
travis.
Thanks travis for your help!