My log files are named like "xxxx*.log.2018-06-27, xxxx*.log.2018-06-26, xxxx*.log.2018....."
They are differentiated by the date when they were generated.
Now I want to monitor the directory for log files.
When I search for the logs in the directory using Splunk, the source count is only 1. It takes only 1 file for the search.
All log files have different contents, so I am not able to search across all the log files.
Please suggest what to do in this case.
Let me know in case more info is required.
Try this:
[monitor://D:\Splunk\Logs\*\dd\*.log]
disabled = false
sourcetype = dd
Thanks for the input.
But it doesn't work. If you rename the log files with different names, then it works and they are available for search.
Modify your monitor stanza to below:
[monitor://D:\Splunk\Logs\uVisit\dd\Visit*.log*]
disabled = false
sourcetype = dd
OR
[monitor://D:\Splunk\Logs\uVisit\dd]
disabled = false
whitelist = \.log\.\d+|\.log$
sourcetype = dd
Thanks for the input.
But it doesn't work. If you rename the log files with different names, then it works and they are available for search.
For the .log.date files, the file type is not Text document. Can you open and read the files with the date extension? If yes, then the above monitor stanza should work, as it is using *.log*, which matches all files under the dd directory.
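An added example, not part of any post in this thread: a Python check of which file names each stanza above selects, by name only. It assumes Splunk's documented wildcard behaviour (* stays within one path segment, ... recurses, a wildcard path is anchored at its end) and that whitelist is an unanchored regex applied to the full path; the sample paths and the function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample paths following the naming scheme in the question.
SAMPLE_FILES = [
    r"D:\Splunk\Logs\uVisit\dd\Visit.log",
    r"D:\Splunk\Logs\uVisit\dd\Visit.log.2018-06-27",
    r"D:\Splunk\Logs\uVisit\dd\Visit.log.2018-06-26",
    r"D:\Splunk\Logs\uVisit\dd\notes.txt",
]

# (monitor path, whitelist) pairs taken from the stanzas in the thread.
STANZAS = [
    (r"D:\Splunk\Logs\*\dd\*.log", None),
    (r"D:\Splunk\Logs\uVisit\dd\Visit*.log*", None),
    (r"D:\Splunk\Logs\uVisit\dd", r"\.log\.\d+|\.log$"),
    (r"D:\Splunk\Logs\uVisit\dd", None),
]

def wildcard_to_regex(monitor_path):
    """Translate a wildcard monitor path into an anchored regex (assumed model)."""
    out, i = [], 0
    while i < len(monitor_path):
        if monitor_path.startswith("...", i):
            out.append(".*")            # '...' crosses directory levels
            i += 3
        elif monitor_path[i] == "*":
            out.append(r"[^\\/]*")      # '*' stays inside one path segment
            i += 1
        else:
            out.append(re.escape(monitor_path[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")

def selected(monitor_path, whitelist=None, files=SAMPLE_FILES):
    """Return the base names of the files a stanza would select by name."""
    if "*" in monitor_path or "..." in monitor_path:
        path_ok = wildcard_to_regex(monitor_path).match
    else:
        prefix = monitor_path.rstrip("\\") + "\\"
        path_ok = lambda f: f.startswith(prefix)   # plain directory monitor
    allow = re.compile(whitelist).search if whitelist else (lambda f: True)
    return [ntpath.basename(f) for f in files if path_ok(f) and allow(f)]

if __name__ == "__main__":
    for path, wl in STANZAS:
        print(path, "| whitelist =", wl, "->", selected(path, wl))
```

Under these assumptions the first stanza, which ends in *.log, selects only Visit.log, while Visit*.log* and the whitelist form both select the dated files as well.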
@dhirendra761, how's your inputs.conf configured?
I will share the links for the file directory which I currently use.
@renjith.nair Hi Renjith,
input.conf is configured as below:
[monitor://D:\Splunk\Logs\uVisit\dd]
disabled = false
sourcetype = dd