A customer is using regex to whitelist access logs and secure logs from a web server, but only the access logs are being ingested. Which troubleshooting resource would provide insight into why the secure logs are not being ingested?
The troubleshooting resource that would provide insight into why the secure logs are not being ingested by regex whitelisting is tailingprocessor. The tailingprocessor is a Splunk Enterprise component that monitors files and directories for new data. It also applies filtering rules based on props.conf settings, such as whitelist and blacklist. By using the btool command with the tailingprocessor option, you can see how Splunk Enterprise evaluates the filtering rules for a given file or directory. Therefore, the correct answer is D, tailingprocessor.
References:
Use btool to troubleshoot configurations
Configure event processing
Monitor files and directories with inputs.conf