Solved: Re: index files in same directory

stwong · ‎05-28-2012

Hi all,

I'm a newbie to Splunk. I tried to index all apache log files in the same directory as a single source so that I can do searching of all files as a whole. However, each file becomes an independent source in the search page. Then I've to use multiple "source=" query to search records in different files.

Is it possible to make all files in the directory as a single source ?

Thanks a lot.
/ST Wong

Ayn · ‎05-28-2012

There are ways to do this that require some messing around with on-the-fly transforming of the source value, but I wonder if you really need that? You can easily put a wildcard at the end when you search for the sources in the directory you're interested in, like so:

source="/the/directory/containing/apachelogs/*"

View solution in original post

Ayn · ‎05-28-2012

There are ways to do this that require some messing around with on-the-fly transforming of the source value, but I wonder if you really need that? You can easily put a wildcard at the end when you search for the sources in the directory you're interested in, like so:

source="/the/directory/containing/apachelogs/*"

Ayn · ‎05-28-2012

No problem. Could you please mark my answer as accepted? Thanks!

stwong · ‎05-28-2012

thanks a lot.

index files in same directory

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability