Hello,
Please bear with me because I'm new to Splunk and I've only just started using it today. Also note that I am currently running their trial and have not purchased anything yet.
I am looking to index the Application logs from our PeopleSoft server, which are stored as `APPSRV_*.LOG` on the PeopleSoft server. A new log file is created for each day and the format is `APPSRV_MMDD.LOG`. Within the directory that the APPSRV logs are stored are other files that are of no interest to me at the moment.
I currently have my data input setup as a UNC path to the directory, but I don't know how to only allow indexing on the `APPSRV_MMDD.LOG`s and not the others. Is there a way to index only certain file names by using a wildcard and not others, or must I index the entire directory? Please let me know if you have any questions.
Thank you,
Robert
↧