Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

not monitored similer name local files on windows

dhirendra761
Contributor
‎07-23-2018 10:09 PM

My logs files are having named as "xxxx*.log.2018-06-27, xxxx*.log.2018-06-26, xxxx*.log.2018....."
it differntiate with date when it was genrated.
Now i want to monitor the directory for log files.
when i search for the log in directory using splunk, the source count is only 1. It takes only 1file for search.

All log files having different contents. So I am not able to search for whole log files.
Please suggest in this case.

Let me know in case of more info required.alt text
alt text

Tags (1)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

woodcock
Esteemed Legend
‎07-24-2018 12:14 PM

Try this:

[monitor://D:\Splunk\Logs\*\dd\*.log]
disabled = false
sourcetype = dd
0 Karma
Reply

dhirendra761
Contributor
‎07-24-2018 11:47 PM

Thanks for input.
But It doesn't work. If you rename the log files with different name then it work and available for the search.

0 Karma
Reply

sudosplunk
Motivator
‎07-24-2018 09:33 AM

Modify your monitor stanza to below:

[monitor://D:\Splunk\Logs\uVisit\dd\Visit*.log*]
disabled = false
sourcetype = dd

OR

[monitor://D:\Splunk\Logs\uVisit\dd]
disabled = false
whitelist = \.log\.\d+|\.log$
sourcetype = dd
0 Karma
Reply

dhirendra761
Contributor
‎07-24-2018 11:47 PM

Thanks for input.
But It doesn't work. If you rename the log files with different name then it work and available for the search.

0 Karma
Reply

sudosplunk
Motivator
‎07-31-2018 05:34 AM

For the .log.date files, file type is not Text document. Can you open and read the files with date extension. If yes, then above monitor stanza should work as it is using *.log* which matches all files under dd directory.

0 Karma
Reply

renjith_nair
Legend
‎07-24-2018 12:10 AM

@dhirendra761 , hows your inputs.conf configured?

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

dhirendra761
Contributor
‎07-26-2018 12:10 AM

I will share the links for file directory which i used currently.

0 Karma
Reply

dhirendra761
Contributor
‎07-24-2018 12:30 AM

@renjith.nair Hi Renjith,
input.conf is configured as below:
[monitor://D:\Splunk\Logs\uVisit\dd]
disabled = false
sourcetype = dd

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...