Data inputs:

cwatterson · ‎10-19-2015

I'm trying to get a list of all files with the path that Splunk is currently monitoring. Google and searches here have proven unfruitful.

anekkanti_splun · ‎10-20-2015

There's a rest endpoint that lists all the files that splunk is monitoring:
https://localhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus

For more details as to how exactly use the endpoint is described in the blog post:
http://blogs.splunk.com/2011/01/02/did-i-miss-christmas-2/

If you are post 6.3 you could also use the command:
$SPLUNK_HOME/bin/splunk list inputstatus

aljohnson_splun · ‎10-19-2015

I'd start with

SPL

| metadata type=sources

Then, I'd look to

Data inputs:

Then look at Local (also check Remote, just below! )

File & Monitor inputs

So that you can see, for example, a monitor input that has 32 files being monitored:

cwatterson · ‎10-19-2015

still doesn't give me anything remotely close to what i'm looking for, getting anything out of splunk other that the data it's ingesting is like pulling teeth from an angry bear with 3 of his friends with him.

How can you get a complete list of all files with the path Splunk is monitoring/ingesting?

SPL

Data inputs:

File & Monitor inputs

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases