- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Why does inputs.conf does not respect the use of a...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to monitor the following paths. I tried these two stanzas and neither of them work.
In the documentation - "The asterisk () matches anything in a single path segment;" Any suggestion why **batch** does not work?
Expected directories to monitor:
/opt/apps/aaa/bbb/ccc/batch/logs
/opt/apps/aaa/bbb/ccc/batch2/logs
Directory structure:
/opt/apps/aaa/bbb/ccc/batch/logs
/opt/apps/aaa/bbb/ccc/junk/logs
/opt/apps/aaa/bbb/ccc/batch2/logs
Does not work
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs]
[monitor:///opt/apps/aaa/bbb/ccc/batch(\d?)+/logs]
./splunk list monitor
Monitored Directories:
[No directories monitored.]
Monitored Files:
[/var/log]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because of files extention specification
Here is what you was suppose to do for example, to monitor .log files:
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs]
whitelist=\.log$
or
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs/*.log]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Because of files extention specification
Here is what you was suppose to do for example, to monitor .log files:
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs]
whitelist=\.log$
or
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs/*.log]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am able to get it working with
[monitor:///opt/apps/aaa/bbb/ccc/batch*/logs/*]
Anyone know why?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exactly same happened for me, it was not monitoring the log files with wildcard in the path
[monitor://D:\applications\jee\*\logs]
whitelist = \.log.*$|\.txt.*$|\.traceout.*$
crcSalt = <SOURCE>
disabled = false
followTail = false
ignoreOlderThan = 7d
index = websphere
08-17-2016 14:42:00.982 +1000 INFO TailingProcessor - Parsing configuration stanza: monitor://D:\applications\jee*\logs.
08-17-2016 14:42:00.982 +1000 INFO TailingProcessor - Adding watch on path: D:\applications\jee.
But it started working when I added * at the end 🙂
[monitor://D:\applications\jee\*\logs\*]
whitelist = \.log.*$|\.txt.*$|\.traceout.*$
crcSalt = <SOURCE>
disabled = false
followTail = false
ignoreOlderThan = 7d
index = websphere
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just figured out it is not about having * at the end of directory path , it needs \ at the end of directory path. So following also works
[monitor://D:\applications\jee\*\logs\]
whitelist = \.log.*$|\.txt.*$|\.traceout.*$
crcSalt = <SOURCE>
disabled = false
followTail = false
ignoreOlderThan = 7d
index = websphere
Splunk APM: New Product Features + Community Office Hours Recap!
Index This | Forward, I’m heavy; backward, I’m not. What am I?
A Guide To Cloud Migration Success
