Topics

| pdf version

How Splunk Works

Getting Started

Data Inputs

Data Distribution

Indexing

Timestamps

Fields

Hosts

Source Types

Event Types

Search

Distributed Search

Security

Data Management

Deployment Server

Performance Tuning

Configuration Files

Applications

Reference

Troubleshooting


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Determine what files Splunk is tailing

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6

Determine what files Splunk is tailing

When you configure inputs, you may want to know what specific files Splunk will read prior to starting Splunk for indexing. This is especially true when configuring whitelisting/blacklisting rules. Splunk includes a listtails utility which reads in the configuration of inputs.conf in all bundles, scans your directories and shows you the exact list of files what Splunk will tail when you restart. This allows you to make changes to inputs.conf and verify if the blacklist/whitelist filtering is correct.


Run listtails

To use the listtails utility:


1. Navigate to $SPLUNK_HOME/bin/.


2. Run the command ./splunk cmd listtails.

Retrieved from "http://www.splunk.com/base/Documentation/3.2/Admin/DetermineWhatFilesSplunkIsTailing"
Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons

Copyright © 2005-2009 Splunk Inc. All rights reserved.