The second stanza is invalid and throws an error at splunkd restarts:
Bad regex value: 'source::...\var\log\splunk\kvstore_tools.log', of param: props.conf / [source::...\var\log\splunk\kvstore_tools.log]; why: PCRE does not support \L, \l, \N{name}, \U, or \u
The source stanza is a regex field, which is why it throws an error:
When setting a [<spec>] stanza, you can use the following regex-type syntax:
... recurses through directories until the match is met
or equivalently, matches any number of characters.
* matches anything but the path separator 0 or more times.
The path separator is '/' on unix, or '\' on Windows.
Intended to match a partial or complete directory or filename.
| is equivalent to 'or'
( ) are used to limit scope of |.
\\ = matches a literal backslash '\'.
Hi,
I saw that the following stanzas have been added to
default/props.confin the newest release:The second stanza is invalid and throws an error at splunkd restarts:
Bad regex value: 'source::...\var\log\splunk\kvstore_tools.log', of param: props.conf / [source::...\var\log\splunk\kvstore_tools.log]; why: PCRE does not support \L, \l, \N{name}, \U, or \uThe source stanza is a regex field, which is why it throws an error:
Regards, Julian