![]() See the following table for a description of the wildcards you can use and examples: You can use wildcards to specify the input path for a file or directory monitor input. If it does not have read access to all of the directories in the path, it cannot read the file, even if it has read access to the file directly.Ī wildcard is a character that you can substitute for one or more unspecified characters when searching text or selecting multiple files or directories. For example, if you want to monitor a file with the path /var/log/server_a/tree_b/directory_c/file.log, the instance must have read permission in the following directories: ![]() When you configure an input path that has a wildcard, the Splunk platform instance must have at least read access to the entire path to the file you want to monitor with the wildcard. To specify wildcards, you must specify file and directory monitor inputs in the nf file. Input path specifications in the nf file do not use regular expressions (regexes) but rather wildcards that are specific to the Splunk platform. In Splunk Enterprise, you can edit this file on your Splunk Enterprise instance. ![]() In Splunk Cloud Platform, you can edit this file on a forwarder that collects the data. You can configure inputs manually by editing the nf configuration file. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |