Not receiving all files present in the directory?

pal_sumit1 · ‎10-14-2019

I am monitoring files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
Below is my input.conf

[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0

[monitor://F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs*]
index=cmr-reports
sourcetype=db2:accounts
disabled = 0

Files present in the path F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\
adminids.txt
rgndbp1.txt
rgndbp2.txt
rgndbp3.txt
rgndbp4.txt
rgndbp5.txt
rgndbp6.txt
rgndbp7.txt
rgndbp8.txt
rgndsp0.txt

I am able receive all files in splunk except "adminids.txt" file.

Can anyone suggest what I am doing wrong ?..

Thanks in advance..

gcusello · ‎10-14-2019

Hi pal_sumit1,
if the content of the file is the same of F:\ftproot\ControlMonitorReports\Admin\EOR_DB2_Monitor_Logs\adminids.txt it's correct, because Splunk doesn't index twice the same file also with different names (or paths).
in this case you should try crcSal = <SOURCE> option to force Splunk to index both the files.

Ciao.
Giuseppe

Not receiving all files present in the directory?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms