Problem with wildcard in inputs.conf?

SarahWKarvenz · ‎02-21-2012

I cannot seem to get my inputs.conf to accept the wildcard in the monitor string.
This is my inputs.conf file:

[default]
host = webLog

[monitor:///opt/log/www*]
index=web
host_segment=3

I get the following error in the splunkd.log:
ERROR TailingProcessor - matching /opt/log/www3/ against ^/opt/log/www[^/]*$

If I change my inputs to:
[monitor:///opt/log/www*]
index=web
host_segment=3

I get the following error in the splunkd.log:
ERROR TailingProcessor - matching /opt/log/www3/ against ^/opt/log/www[^/]*$

If I change it to:
[monitor:///opt/log/www1]
index=web
host_segment=3

It works and will grab all logs in the www1 folder.

Thanks!

lguinn2 · ‎02-22-2012

You need to use a different wild card for the directory name:

[monitor:///opt/log/www...]

Will work.