Determine what files Splunk is monitoring
This documentation does not apply to the most recent version of Splunk.
When you configure inputs, you may want to know which specific files Splunk will monitor before you start Splunk for indexing. This is especially true when configuring whitelisting/blacklisting rules. Splunk includes a listtails utility that reads the inputs.conf configuration in all applications, scans your directories, and shows you the exact list of files that Splunk will monitor when you restart. This allows you to make changes to inputs.conf and verify that the blacklist/whitelist filtering is correct.
Run listtails
To use the listtails utility:
1. Navigate to $SPLUNK_HOME/bin/.
2. Run the command ./splunk cmd listtails.
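An added example (not part of the Splunk documentation) that turns the listtails run above into a before-and-after check for an inputs.conf change, so you can confirm that a whitelist/blacklist edit did not drop files you need indexed. It assumes listtails prints one monitored file path per line; the function names and the required-paths file are hypothetical.

```shell
#!/bin/sh
# Added example: compare listtails output before and after an inputs.conf edit.
# Assumption: listtails prints one monitored file path per line.
#
# Usage:
#   snapshot_tails before.txt      # before editing inputs.conf
#   snapshot_tails after.txt       # after editing inputs.conf
#   tails_diff before.txt after.txt
#   missing_required after.txt required.txt

# Save the list of files Splunk would monitor, sorted so snapshots can be compared.
snapshot_tails() {
    : "${SPLUNK_HOME:?SPLUNK_HOME is not set}"
    "$SPLUNK_HOME/bin/splunk" cmd listtails | sort -u > "$1"
}

# Print "- path" for files no longer monitored and "+ path" for newly monitored files.
# Both snapshot files must be sorted (snapshot_tails does this).
tails_diff() {
    comm -23 "$1" "$2" | sed 's/^/- /'
    comm -13 "$1" "$2" | sed 's/^/+ /'
}

# Print each path listed in the required file ($2) that is absent from the
# snapshot ($1). Returns non-zero if any required path is missing.
missing_required() {
    missing=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue          # skip blank lines
        if ! grep -Fxq -- "$path" "$1"; then
            printf '%s\n' "$path"
            missing=1
        fi
    done < "$2"
    return "$missing"
}
```

Keep the required-paths file under version control next to inputs.conf so the same check can be rerun after every filtering change.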
This documentation applies to the following versions of Splunk: 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14