Hi All,
I want to ingest the log files from an application server directory using universal forwarder.
Log file names are in below pattern
ABC.%d-01-2017.log
Examples:
ABC.09-01-2017.log
ABC.09-02-2017.log
ABC.09-03-2017.log
ABC.09-04-2017.log
What should be the stanza in the inputs.conf on my forwarder such that i only monitor and ingest today's file. Also i have lot of old files in the same path,i want to start ingesting the files from the day i push the changes to production[not interested in historical].
Can you please let me know how to go about this without using "ignoreOlderThan" feature.
I did look at this , wondering if there is any other way -->https://answers.splunk.com/answers/206950/how-to-configure-inputsconf-on-a-universal-forward.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
Thank you in advance!!
↧
