Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HOw to black list entire folder

vikas_gopal
Builder
‎03-03-2020 03:17 PM

HI Experts ,

I am prety sure this has been already answered but I am not able to find the correct answer on the community . I have path as below
C:\app1\tomcatlogs1\WNSalesLogs1\WNEngine1\
server1
server2
server3

I have 8 servers on which same directory structure exist

I want to use host_segment so that my host name will be automatically picked up and I only want to index server1 files . So 2 things I want to achieve
1) If I am on host 1 , the host name should be server1

2) Only server1 folder files will get indexed .

I tried folloing but it is not indexing my files and not setting up the hostname 

[monitor://C:\app1\tomcatlogs1\WNSalesLogs1\WNEngine1\*\productengin_*.log]
disabled = false
host_segment = 5
index = main
whitelist = server1

Any suggestion will be highly appricaited

Regards
VG

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-03-2020 03:24 PM

Can you do this?

[monitor://C:\app1\tomcatlogs1\WNSalesLogs1\WNEngine1\server1\productengin_*.log]
 host=server1
 index=main

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎03-03-2020 03:24 PM

Can you do this?

[monitor://C:\app1\tomcatlogs1\WNSalesLogs1\WNEngine1\server1\productengin_*.log]
 host=server1
 index=main
0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎03-03-2020 03:48 PM

My bad I don't know after posting my format of the inputs.conf file is disturbed let me modify it .Please check now , hope this make sense . Here first * is folder like server1, server2, etc . Wild car in the file name , I am not bothered about that , because it is just 1,2 ,3 etc

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎03-03-2020 04:16 PM

I've updated

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎03-03-2020 04:21 PM

Thank you for the quick response but the only concern is via DS how I can manage this as a single stenza . That is why I was planing to use host_segment . So does this mean I have to create sepparate app per host ?

0 Karma
Reply
Solved! Jump to solution

vikas_gopal
Builder
‎03-03-2020 07:13 PM

Well I have created separate SC and App on DS for each host.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎03-03-2020 11:46 PM

The way you wanted to do this is possible, but you need props & transforms.

props.conf
[sourcetype]
TRANSFORMS-abc=abc

transforms.conf
[abc]
REGEX=WNEngin1\/(\W+)\/
 SOURCE=MetaData:Source
FORMAT=host::$1
DEST=MetaData:Host
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...