In our Splunk forwarder, in the path: /opt/splunk/etc/apps/app01/default we have many stanzas such as:
[monitor:///export/data/syslog-ng/sentry*/messages]
disabled = false
host_regex = /export/data/syslog-ng/(.*?)/messages
index = asalg
sourcetype = cisco_asa
and under every stanza there is the following line:
host_regex = /export/data/syslog-ng/(.*?)/messages
I am very curious to know what the "/(.*?)/" means?
Thank you.
↧