Solved: How to use wildcards on inputs.conf to monitor spe...

a212830 · ‎08-06-2014

Hi,

I need to monitor the following:

/apps/log//access/today

today is the file, but the webserver name directory could be almost anything. Some begin with www, some begin with https, some have dashes, some have .com....

What can I enter so that I monitor any dir that has -8443 (and then the subdirs listed).

strive · ‎08-07-2014

I did a quick test and this works. Try it

/apps/log/*-8443*/access/today

The directories that i created are like this

/apps/log/abc-8443=123/access/today  
/apps/log/abc.123.-8443=123/access/today  
/apps/log/123_abc_def.efg-8443=456/access/today
/apps/log/abc-8000=123/access/today

View solution in original post

strive · ‎08-07-2014

I did a quick test and this works. Try it

/apps/log/*-8443*/access/today

The directories that i created are like this

/apps/log/abc-8443=123/access/today  
/apps/log/abc.123.-8443=123/access/today  
/apps/log/123_abc_def.efg-8443=456/access/today
/apps/log/abc-8000=123/access/today

a212830 · ‎08-06-2014

I'm weak on regex. My concern is that something with multiple dots or dashes won't get picked up.

strive · ‎08-06-2014

did you try something like this
/apps/log/-8443/access/today

wildcards are not displayed in comment

/apps/log/star-8443star/access/today

How to use wildcards on inputs.conf to monitor specific directories?

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability