Need help w/ Ubuntu host_regex

I've had a splunk install on windows working great & now I've moved to an Ubuntu & having problems just with my host_regex in inputs.conf.

My windows regex worked great.

Moved to Ubuntu & looks like host_regex = //NFS/LOGS/getdisks/(S+)-DISK.txt$

files look like this.

/NFS/LOGS/getdisks/LOC1-Server1-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-1-DISK.txt

/NFS/LOGS/getdisks/LOC3-Server2-DISK.txt

/NFS/LOGS/getdisks/LOC1-Server2-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-2-DISK.txt
/NFS/LOGS/getdisks/LOC2-Server-3-DISK.txt

it really doesnt give you a hint where your going wrong. I've pumped it into a REGEX tester & it seems right. I know it should work.

Anyone care to throw in something else to try?

host_regex inputs.conf

asked 10 Nov '11, 12:38

clintla
50●1●4
accept rate: 20%

One Answer:

1	host_regex = :/NFS/LOGS/getdisks/(S+)-DISK.txt$ finally tried enough & it worked link answered 10 Nov '11, 13:54 clintla 50●1●4 accept rate: 20%

Post your answer

toggle preview

Email:

RSS:

Answers

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

Tags:

Asked: 10 Nov '11, 12:38

Seen: 477 times

Last updated: 10 Nov '11, 13:54