I'm trying to index all the files marked with a [Y] in the directory structure below.
[Y] - /tmp/test.log
[Y] - /tmp/logs/test.log
[Y] - /tmp/logs/test.log.20160218
[N] - /tmp/logs/test.log.20160218.gz
[N] - /tmp/logs/test.log.20160218.out
[N] - /tmp/logs/test.log20160218
[N] - /tmp/logs/test.log20160218.gz
My monitor stanza in inputs.conf is as follows:
[monitor:///tmp/*/test.(log|log\.[0-9]+)]
index = splunkprod
sourcetype = testdata
ignoreOlderThan = 5d
However, it does not pick up anything. Does anybody know why? Thanks