Documentation > Splunk > Admin Manual > Determine what files Splunk will be tailing

Admin Manual

 


Getting Started
How Splunk Works
Configuring a Splunk Deployment
Data Inputs
Hosts
Source Types
Timestamp Recognition
Events
Event Types
Meta Events
Fields
Segmentation
Saved Searches and Alerts
Authentication
Granular Access Control
Data Distribution
Distributed Search
Deployment Server
Index Management
Bundles
SplunkBase
Performance Tuning
Routine Maintenance
How-To
Troubleshooting
Reference

Determine what files Splunk will be tailing

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Determine what files Splunk will be tailing

When configuring your inputs there often is a need to know what specific files Splunk will reading prior to starting Splunk for indexing. This is especially true when configuring Whitelisting/Blacklisting rules. Splunk ships the listtails utility which reads in the configuration of inputs.conf in all bundles, scans your directories and shows you the exact list of files that Splunk will tail when you restart. This allows you to make changes to inputs.conf and verify if the blacklist/whitelist filtering is correct.


Running listtails

In order to use the listtails utility perform the following steps:


Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.1.4/Admin/DetermineWhatFilesSplunkWillBeTailing"

This documentation applies to the following versions of Splunk: 3.1.3 , 3.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!