I'm using Splunk to monitor directories, and in the directories I have many subfolders such as:
/home/username/192.168.1.1/2016-03-01/(00-24)/(info.log.gz, err.log.gz)
/home/username/192.168.1.1/2016-03-02/(00-24)/(info.log.gz, err.log.gz)
/home/username/192.168.1.1/2016-03-03/(00-24)/(info.log.gz, err.log.gz)
...
/home/username/192.168.1.1/2016-03-31/(00-24)/(info.log.gz, err.log.gz)
These folders store archived logs in gz files. When I try to monitor the directories, Splunk indexes data for only some days, such as only 2016-03-01, 08, 14, 16-31. I don't know why my Splunk can index the data completely for half of the month, but in the early part of the month Splunk indexes the data incompletely.
I'm monitoring the directories via Add Data in the Web UI, using a whitelist and a blacklist:
Whitelist: /home/username/192.168.1.1/\d\d\d\d-03-\d\d/.*
Blacklist: \.(hash)$
How can I solve this issue? Please kindly advise me.
Sorry for my English