I have a props.conf file where I need to point to a custom DATETIME_CONFIG xml file. Now, this file may go to either a Linux box or a Windows box. So right now, my DATETIME_CONFIG line looks as such:
DATETIME_CONFIG = ./FILE_datetime.xml
Will Splunk properly interpret this on both Windows and Linux? Or do I have to make special props.conf files for Linux and Windows, the latter being one with Backslashes instead?
I know they must be different when it comes to Stanza Headers. But being able to use RegEx in those helps, so I can do something like "source::.[\/]pathname[\/]filename.ext". But I'm not sure if that works in a VALUE under the stanza.
Thanks.
