Forums: SplunkAdministration: Multiple Directories having the same SourceType

Previous Topic: Set permissions for roles to access specific indexes during distributed search  |   Next Topic: Splunk and Wireless access point


Posts 1–3 of 3  |  Post to this topic
1
anon1m0us's Mugshot posted by: anon1m0us  |  posts
date: October 14, 2009
permalink

Can I have multiple directories using the same sourcetype?

We have application logs that are split into two locations. I want to have one sourcetype to access them both.

For Example:
[monitor:D:\Application\Logs\OldLogs]
sourcetype = appslogs
disabled = false
index=commonapps

[monitor:C:\Application\Logs\CurrentLogs]
sourcetype = applogs
disabled = false
index=commonapps

Any better ways of doing it?

2
araitz's Mugshot posted by: araitz  |  posts
date: October 14, 2009
permalink

Sure, that will work fine. The point of sourcetypes is to span across multiple sources.

3
anon1m0us's Mugshot posted by: anon1m0us  |  posts
date: October 14, 2009
permalink

Thanks!
The docs only mentioned Subdirectories, so I was a little worried about different directories.

Post to this topic

You must be logged in to post a reply.