Hi,
I have a directory on E drive by name SPLUNK. It has 3 to 4 subdirectories in it and under each subdirectory there almost 10 files with names as SystemOut_14.2.2011_1, SystemOut_14.2.2011_2 etc..
But in my SPLUNK only monitors the first file in each of the subdirectory, not the rest, why is it happening so?
Appreciate your help!
Regards,
Sushma.
Hi sushma7,
You monitor path is wrong, use this instead
[monitor://E:\Splunk]
Also read the docs on how to monitor files and directories and about monitorNoHandle
is special.
Cheers, MuS
permission troubles perhaps? check splunkd.log for any messages related to this directory and/or those files
I had this problem n fix it .
looks like you already doing it right but my mistake was type ..\ , should ...\ (3 dots)
[monitor://C:\inetpub\logs\LogFiles...*.log]
whats the extension of the files? why don't you put the names explicitly?
[monitor://E:\Splunk\...\*.log]
Any suggestions please?
Sorry to say this, it was my typo error I gave the same thing that you have mentioned i.e. [monitor://E:\Splunk]
disabled=false
recursive=true
But why is it not viewing my other log files? Is there any UNC restriction in SPLUNK? When it can read a file by SystemOut_14.2.2011_1 in one of the sub directory, why is it not viewing the other 9 log files whose name just differs by last digitSystemOut_14.2.2011_2 etc...
Need help!
Under inputs.conf file i just enetered [monitor:///E:\Splunk]
disabled =false
recursive = true
Is thereanything more I need to enter?