Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Getting Data In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: how can I put a "+" in monitor:// path ?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how can I put a "+" in monitor:// path ?
ktn01
Path Finder
08-03-2017
07:13 AM
Hello,
I have the following stanza in input.conf
[monitor:///ccv/app/oracle/diag/asm/+asm/+ASM*/trace/alert_+ASM*.log]
index = cei_oracle
sourcetype = oracle:asm:log
_TCP_ROUTING = val_idx-group
and file /ccv/app/oracle/diag/asm/+asm/+ASM1/trace/alert_+ASM1.log would not been indexed.
I modifie de path replacing every "+" with a "" `[monitor:///ccv/app/oracle/diag/asm/*asm/*ASM/trace/alert_ASM.log]
` and then the file is indexed.
How can I put a "+" on my path definition?
Thanks
Christian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2017
07:21 AM
Try escaping it using backward slash.
[monitor:///ccv/app/oracle/diag/asm/\+asm/\+ASM*/trace/alert_\+ASM*.log]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anu
Path Finder
11-23-2020
02:46 AM
@somesoni2 still didn't work for me.. Do you have any workaround for getting asm alert log in to splunk??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ktn01
Path Finder
08-03-2017
07:32 AM
Thanks,
escaping with \ is working fine...
Christian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
08-03-2017
08:01 AM
Glad it worked for you. Please close the question by accepting the answer that worked.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
alemarzu
Motivator
08-03-2017
07:17 AM
Hi there, try this out.
[monitor:///ccv/app/oracle/diag/asm/.../trace/alert_*ASM*.log]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ktn01
Path Finder
08-03-2017
07:31 AM
Thanks but /.../ is to generic in this case
Christian
Get Updates on the Splunk Community!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
Tuesday, May 14, 2024 | 11AM PT / 2PM ET
Register to Attend
Join us for this Tech Talk and learn how to ...
.conf24 | Personalize your .conf experience with Learning Paths!
Personalize your .conf24 Experience
Learning paths allow you to level up your skill sets and dive deeper ...
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
