Re: Monitoring the directories recursively

sushma7 · ‎03-13-2014

Hi,

I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory there almost 10 files with names as SystemOut_14.2.2011_1, SystemOut_14.2.2011_2 etc..
But in my SPLUNK only monitors the first file in each of the subdirectory, not the rest, why is it happening so?

Appreciate your help!

Regards,
Sushma.

MuS · ‎03-14-2014

Hi sushma7,

You monitor path is wrong, use this instead

[monitor://E:\Splunk]

Also read the docs on how to monitor files and directories and about monitorNoHandle is special.

Cheers, MuS

MuS · ‎03-16-2014

permission troubles perhaps? check splunkd.log for any messages related to this directory and/or those files

chandanghoshCTL · ‎08-17-2018

I had this problem n fix it .
looks like you already doing it right but my mistake was type ..\ , should ...\ (3 dots)
[monitor://C:\inetpub\logs\LogFiles...*.log]

linu1988 · ‎03-16-2014

whats the extension of the files? why don't you put the names explicitly?

[monitor://E:\Splunk\...\*.log]

sushma7 · ‎03-16-2014

Any suggestions please?

sushma7 · ‎03-15-2014

Sorry to say this, it was my typo error I gave the same thing that you have mentioned i.e. [monitor://E:\Splunk]
disabled=false
recursive=true

But why is it not viewing my other log files? Is there any UNC restriction in SPLUNK? When it can read a file by SystemOut_14.2.2011_1 in one of the sub directory, why is it not viewing the other 9 log files whose name just differs by last digitSystemOut_14.2.2011_2 etc...

sushma7 · ‎03-14-2014

Need help!

sushma7 · ‎03-13-2014

Under inputs.conf file i just enetered [monitor:///E:\Splunk]
disabled =false
recursive = true

Is thereanything more I need to enter?

Monitoring the directories recursively

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases