Hi,
I am trying to monitor a directory called RSD and it contains a file RSDReport.xml.
When i start searching it shows 500 events and i made a simple report.
After some time, i added another file RSDReport1.xml in the RSD directory, but there are no changes in the search result.
Now my questions are:
1) should the report be automatically update without any event generated by me?
2) Should i run the search again?
3) Will I have to restart the splunk service?
One thing i would like to mention here is that both files don't contain the same initial 256 bytes
Again, when i added initCrcLength = 2000 in inputs.conf, restarted the splunk service, and ran the search again, it gave the expected output.
I am thinking that when i am monitoring a directory, then changes should be reflected automatically. We need not bother about to restart splunk service and re-run the search.
Please guide me about directory monitoring. I read documentation and i have a little bit idea about it.
Thanks,
Aditya
... View more