We are having issues getting Splunk to process log files on Windows; the identical configuration works on Linux.
Any help in identifying what the problem could be would be appreciated.
**This does not work**

```ini
[batch://E:\DATA\FTP\*.log.gz]
host_regex = E:\DATA\FTP\[A-Z]+_(?:(?:(?:[a-z]+_)|(?:[a-z]+_\d+_)))([a-z]+\d+)_+\d+\.log\.gz
sourcetype = bluecoat:proxysg:access:file
index = ip-bluecoat
move_policy = sinkhole
disabled = false
```
**This works**

```ini
[batch:///home/ec2-user/temp/*.log.gz]
host_regex = /home/ec2-user/temp/[A-Z]+_(?:(?:(?:[a-z]+_)|(?:[a-z]+_\d+_)))([a-z]+\d+)_+\d+\.log\.gz
sourcetype = bluecoat:proxysg:access:file
index = ip-bluecoat
move_policy = sinkhole
disabled = false
```
Sample log file names:

```
AB_main_abc123_20151124230023.log
AB_main_2_abc123__2341124210817.log
```

Splunk version is 6.3.
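Added check, not part of the original post: `host_regex` is a PCRE-style regular expression, in which a backslash starts an escape sequence, so the unescaped directory separators in the Windows pattern are read as escapes (`\D`, `\A`, `\F`) rather than literal backslashes, while the `/` separators in the Linux pattern are ordinary characters. The script below uses Python's `re` module as a stand-in for Splunk's regex engine (an assumption) and runs the posted Windows pattern and an escaped variant against constructed paths built from the sample file names with `.gz` appended.

```python
import re

# Constructed sample paths: the file names from the post, with the .gz
# suffix the batch stanza expects, placed under each monitored directory.
WIN_PATHS = [
    r"E:\DATA\FTP\AB_main_abc123_20151124230023.log.gz",
    r"E:\DATA\FTP\AB_main_2_abc123__2341124210817.log.gz",
]
LINUX_PATH = "/home/ec2-user/temp/AB_main_abc123_20151124230023.log.gz"

# host_regex exactly as posted for Windows: the single backslashes in the
# directory prefix are regex escapes, not literal path separators.
WIN_AS_POSTED = r"E:\DATA\FTP\[A-Z]+_(?:(?:(?:[a-z]+_)|(?:[a-z]+_\d+_)))([a-z]+\d+)_+\d+\.log\.gz"

# Same pattern with each path separator escaped as \\ so it matches a
# literal backslash; the file-name part is unchanged.
WIN_ESCAPED = r"E:\\DATA\\FTP\\[A-Z]+_(?:(?:(?:[a-z]+_)|(?:[a-z]+_\d+_)))([a-z]+\d+)_+\d+\.log\.gz"

# host_regex as posted for Linux, for comparison.
LINUX_AS_POSTED = r"/home/ec2-user/temp/[A-Z]+_(?:(?:(?:[a-z]+_)|(?:[a-z]+_\d+_)))([a-z]+\d+)_+\d+\.log\.gz"


def extract_host(pattern, path):
    """Return (host, problem): host is capture group 1 when the pattern
    matches the path, otherwise None plus a short description of why."""
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        return None, f"regex does not compile: {exc}"
    m = rx.search(path)
    if m is None:
        return None, "regex compiles but does not match the path"
    return m.group(1), None


if __name__ == "__main__":
    for p in WIN_PATHS:
        print("posted  :", p, "->", extract_host(WIN_AS_POSTED, p))
        print("escaped :", p, "->", extract_host(WIN_ESCAPED, p))
    print("linux   :", LINUX_PATH, "->", extract_host(LINUX_AS_POSTED, LINUX_PATH))
```

The posted Windows pattern fails before it ever sees a file name, so Splunk falls back to the default host; the escaped variant extracts `abc123` from both sample names just as the Linux stanza does.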