1

I have this xml configuration for splunk to get logs and I used it to register the splunk agent

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE logging SYSTEM "loggingdg">
<logging id="xyx" version="3">
    <file>
        <pattern>\\xyz\abc$\sample\*txt</pattern>
    </file>
</logging>

but I am not able to see the logs in splunk dashboard, and I have come to know the issue is that the path (pattern) should not contain $ and the legal set of characters are a-zA-Z0-9._-*/:\ , so what I can do in these case?

I register the above xml file for splunk but I am not able to see the logs.

Techie
  • 21
  • 2
  • You are getting a file from the server "xyz" in the root folder "abc". The dollar sign indicates you are an ADMIN for both the local and remote machines. You use a dollar sign instead of a colon when you are an admin in windows. – jdweng Aug 14 '23 at 14:12
  • are events showing up in Splunk at all? If they are (but are garbled/broken), it might be fixable with props.conf – warren Aug 14 '23 at 16:32

0 Answers0