Hello,
I'm trying to pull in a logfile that is named differently on each workstation, using a regular expression in the inputs.conf file.
The filename is written to each workstation as follows:
filename format:
*logfile* (static text)
*computer#* -> three digit number, with leading zeros
*.txt*
For example:
Computer #1 - logfile001.txt
Computer #2 - logfile002.txt
...
Computer #20 - logfile020.txt
etc.
I attempted to create a regular expression to distribute out to each workstation so that Splunk would read in whatever filename is located on the terminal, but the file fails to load.
**[monitor://C:\logs\logfile0(01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|17|18|19|20).txt]**
I cannot use a wildcard in the monitor line, such as *logfile\*.txt*, because files are rolled over each day with the same filename with the addition of a timestamp (i.e. logfile01_2017-02-05.txt) and I don't want to re-read the archived data into the index.
Does anyone have a suggestion on what is incorrect with the expression that would cause the file not to be loaded?
Any advice would be appreciated. Thank you in advance!
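An added example, not part of the original post: a monitor path in inputs.conf accepts only the `...` and `*` wildcards, while the `whitelist` setting takes a regular expression matched against the full file path. The Python sketch below builds such a stanza and checks the regex against constructed sample paths before it is deployed; the pattern, the function names and the use of Python's `re` as a stand-in for Splunk's PCRE matching are assumptions.

```python
import re

# Assumption: numbering as in the post, logfile001.txt through logfile020.txt.
# The leading \\ matches the Windows path separator, so only the bare
# filename in the directory qualifies; $ rejects anything after ".txt".
WHITELIST = r"\\logfile0(0[1-9]|1[0-9]|20)\.txt$"


def build_stanza(directory, whitelist=WHITELIST):
    """Return an inputs.conf stanza that monitors a directory and filters
    the files in it with a whitelist regex instead of a regex in the path."""
    return f"[monitor://{directory}]\nwhitelist = {whitelist}\n"


def would_monitor(path, whitelist=WHITELIST):
    """True if the full path matches the whitelist (unanchored search;
    the pattern supplies its own end anchor)."""
    return re.search(whitelist, path) is not None


def classify(paths, whitelist=WHITELIST):
    """Map each path to whether the whitelist would select it."""
    return {p: would_monitor(p, whitelist) for p in paths}


# Constructed sample paths: live files, rolled-over archives, out-of-range ids.
SAMPLES = [
    r"C:\logs\logfile001.txt",
    r"C:\logs\logfile020.txt",
    r"C:\logs\logfile021.txt",
    r"C:\logs\logfile000.txt",
    r"C:\logs\logfile01_2017-02-05.txt",
    r"C:\logs\logfile001_2017-02-05.txt",
    r"C:\logs\old_logfile001.txt",
]

if __name__ == "__main__":
    print(build_stanza(r"C:\logs"))
    for path, selected in classify(SAMPLES).items():
        print(f"{'monitor' if selected else 'skip   '}  {path}")
```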