Find more things to monitor with crawl
Contents
Find more things to monitor with crawl
Use the crawl search command to search your file system or network for new data sources to add to your index.
You can change default crawler settings by editing crawl.conf. You can override the crawler defaults at the time that you run crawl.
crawl produces a log of crawl activity that's stored in $SPLUNK_HOME/var/log/splunk/crawl.log.
Change crawler defaults
Edit $SPLUNK_HOME/etc/system/local/crawl.conf to change the default crawler configuration settings. You define the files and network crawlers separately, in their own stanzas.
Syntax
crawl.conf contains two stanzas: [files] and [network], which define defaults for the files and network crawlers, respectively.
For information on the definable attributes for those stanzas and their default values, read the crawl.conf spec file.
Example
Here's an example crawl.conf file with settings defined for both the files and network crawlers:
[files] bad_directories_list= bin, sbin, boot, mnt, proc, tmp, temp, home, mail, .thumbnails, cache, old bad_extensions_list= mp3, mpg, jpeg, jpg, m4, mcp, mid bad_file_matches_list= *example*, *makefile, core.* packed_extensions_list= gz, tgz, tar, zip collapse_threshold= 10 days_sizek_pairs_list= 3-0,7-1000, 30-10000 big_dir_filecount= 100 index=main max_badfiles_per_dir=100 [network] host = myserver subnet = 24
This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 , 5.0.3 View the Article History for its revisions.